While I like that your patch can be turned on and off in the INI, this sounds much more like an application-level problem, and thus should be implemented at the application level.
Loads of people have actually put stuff out that does this... ^ |
Other tests could be made: - on the browser headers - on IP ranges rather that on the single client IP address - and so on...
What about a scoring system (based on checks on the above and more?),
a bit like that which is used in products like spamAssassin, the ini setting could be a threshold value (0 basically meaning attempt no checks and any value > 0 && =< 1 to be reject/accept* threshold).
...anyway the idea of being able to do some kind of sanity check on behalf 'beginners' (no offensive intended) is a nice idea. Advanced users tend to have specific environment requirements (and set them up accordingly) and perform decent checking anyway.
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php