Sean Coates wrote:

While I like that your patch can be turned on and off in the INI, this sounds much more like an application-level problem, and thus should be implemented at the application level.

Loads of people have actually put stuff out that does this... ^ |
Other tests could be made:
- on the browser headers
- on IP ranges rather that on the single client IP address
- and so on...

What about a scoring system (based on checks on the above and more?),
a bit like that which is used in products like spamAssassin, the ini setting could be a threshold value (0 basically meaning attempt no checks and any value > 0 && =< 1 to be reject/accept* threshold).


...anyway the idea of being able to do some kind of sanity check on behalf 'beginners' (no offensive intended) is a nice idea. Advanced users tend to have specific environment requirements (and set them up accordingly) and perform decent checking anyway.

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to