"J. Lewis Muir" <jlmuir%imca-cat.org@localhost> writes: > On 07/10, Emmanuel Dreyfus wrote: >> On Wed, Jul 04, 2018 at 11:00:27AM +0200, Emmanuel Dreyfus wrote: >> > PHP has a php://filter URL feature which in my opinion violates >> > the principle of least astonishment enough that we could want >> > an option to disable it. >> >> If nobody complain, I am about to commit the attached patch > > I know next to nothing about PHP, and I might not be understanding > what's going on, but why do you need this patch? It seems like a > security or security-feature patch, but if that's the case, why is it > not coming from upstream? A good point. Did you file a bug upstream? Is the issue that you think it's unsafe and they think it's a feature?
Attachment:
signature.asc
Description: PGP signature