Can someone tell me, is there a specific security vulnerability on a server running PHP 4.4.0 and has allow_url_fopen set to ON in both cases.... where there is a security risk by allowing URL's to be used instead of directory paths on it's own server under it's own domain?
In other words, my hosting company is telling me that I can ONLY use a directory path when using allow_url_fopen to access a file on my own server instead of using a standard URL. I can open OTHER websites using my test script found here: http://www.newyorktaxidermy.org/modules.php?name=Membership&file=testurlopen
Ideas? Can someone, if it IS true, point me to where I can read up on this more in depth? I think they're blowing smoke up my .... well you get the idea.
Thanks in advance to all of you,
Matt
