tech-pkg archive


Re: Option to disable php://filter URL



manu%netbsd.org@localhost (Emmanuel Dreyfus) writes:

> Greg Troxel <gdt%lexort.com@localhost> wrote:
>
>> A good point.  Did you file a bug upstream?  Is the issue that you think
>> it's unsafe and they think it's a feature?
>
> Obviously PHP offers it as a feature. The problem is that when you look
> at existing software, the feature goes way beyond what most developers
> expected, hence it generates security problems.
>
> If you look up php://filter attack with your favourite search engine, you
> will find that the topic is discussed a lot.

I'm not averse to having this, and I'm not even sure I'm averse to
having it disabled by default.  But, it would be good to note in comments
in the makefile that we diverge from upstream and why.  I am not
surprised by your response, but felt it was too much of a leap to assume
all that.



