Translations:Manual:Security/20/en

Remote PHP code execution vulnerabilities may depend on being able to inject a URL into a  or. If you don't require the use of remote file loading, turning this off can prevent attacks of this kind on vulnerable code.