reference/yaml/functions/yaml-parse-url.xml
b8758b0605e80c4e3610137b7502a6abeea5c69b
b8758b0605e80c4e3610137b7502a6abeea5c69b
...
...
@@ -14,7 +14,7 @@
14
14
<methodparam><type>string</type><parameter>url</parameter></methodparam>
15
15
<methodparam choice="opt"><type>int</type><parameter>pos</parameter><initializer>0</initializer></methodparam>
16
16
<methodparam choice="opt"><type>int</type><parameter role="reference">ndocs</parameter></methodparam>
17
-
<methodparam choice="opt"><type>array</type><parameter>callbacks</parameter></methodparam>
17
+
<methodparam choice="opt"><type>array</type><parameter>callbacks</parameter><initializer>&null;</initializer></methodparam>
18
18
</methodsynopsis>
19
19
<para>
20
20
Convert all or part of a YAML document stream read from a URL to a PHP variable.
...
...
@@ -73,12 +73,24 @@
73
73
&reftitle.returnvalues;
74
74
<para>
75
75
Returns the value encoded in <parameter>input</parameter> in appropriate
76
-
PHP type&return.falseforfailure;. If <parameter>pos</parameter> is <literal>-1</literal> an
77
-
<type>array</type> will be returned with one entry for each document found
78
-
in the stream.
76
+
PHP type&return.falseforfailure;. If <parameter>pos</parameter> is
77
+
<literal>-1</literal> an <type>array</type> will be returned with one entry
78
+
for each document found in the stream.
79
79
</para>
80
80
</refsect1>
81
81
82
+
<refsect1 role="notes">
83
+
&reftitle.notes;
84
+
<warning>
85
+
<para>
86
+
Processing untrusted user input with <function>yaml_parse_url</function>
87
+
is dangerous if the use of <function>unserialize</function> is enabled for
88
+
nodes using the <literal>!php/object</literal> tag. This behavior can be
89
+
disabled by using the <literal>yaml.decode_php</literal> ini setting.
90
+
</para>
91
+
</warning>
92
+
</refsect1>
93
+
82
94
<refsect1 role="seealso">
83
95
&reftitle.seealso;
84
96
<para>
85
97