manu%netbsd.org@localhost (Emmanuel Dreyfus) writes: > Greg Troxel <gdt%lexort.com@localhost> wrote: > >> A good point. Did you file a bug upstream? Is the issue that you think >> it's unsafe and they think it's a feature? > > Obviously PHP offers it as a feature. The problem is that when you look > at existing software, the feature goes way beyond what most developers > expected, hence it generates security problems. > > If you lookup php://filter attack with your favourite search engine, you > will find that the topic is discussed a lot. I'm not averse to having this, and I'm not even sure I'm averse to having it disabld by default. But, it would be good to note in comments in the makefile that we diverge from upstream and why. I am not surprised by your response, but felt it was too much of a leap to assume all that.
Description: PGP signature