Section A.1. allow_url_fopen

A.1. allow_url_fopen

As illustrated in Chapter 6, the allow_url_fopen directive allows you to reference remote resources as if they are local files:

     <?php     $contents = file_get_contents('');     ?> 

Chapter 5 reveals how dangerous this is when combined with the use of include or require:

     <?php     include '';     ?> 

I recommend disabling allow_url_fopen unless your application requires it.

Essential PHP Security
Essential PHP Security
ISBN: 059600656X
EAN: 2147483647
Year: 2005
Pages: 110

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: