rfc:allow_url_include
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
rfc:allow_url_include [2015/02/27 10:03] – yohgaki | rfc:allow_url_include [2017/09/22 13:28] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 15: | Line 15: | ||
Current **allow_url_include** behavior is wrong for 3 reasons. | Current **allow_url_include** behavior is wrong for 3 reasons. | ||
- | - Implicit allowance of URL is problematic. It's " | + | - Implicit allowance of URL formed filename |
- It does not make " | - It does not make " | ||
- Being INI_SYSTEM increases risk of security filter bypass. | - Being INI_SYSTEM increases risk of security filter bypass. |
rfc/allow_url_include.1425031419.txt.gz · Last modified: 2017/09/22 13:28 (external edit)