On 10 April 2012 15:30, Yasuo Ohgaki <[email protected]> wrote:
> "allow_url_include" and "template_mode" is similar to me.
>
> allow_url_include: enable only when url include is needed.
> template_mode: enable only when template mode is needed.
>
> allow_url_include prevents RFI which may result in critical security incident.
> template_mode prevents LFI which may result in critical security incident..
>
> Note: template_mode=off is script only mode. On is current behavior.
Honestly, I'd consider allow_url_include a mistake, and would hate to
see additional configuration dependent behaviour enter PHP, as I've
said before.
Adam