On Wed, 2 Feb 2005, Rasmus Lerdorf wrote: > Ilia Alshanetsky wrote: > >> Looking at my code here, it would actually be trivial to expose the > >> raw data as superglobals, but what do we achieve then? We are simply > >> renaming $_GET to $_GET_RAW or something like that? If you don't want > >> any filtering to be done by default, simply don't turn it on. > > > > > > In many cases it may not be possible to turn off automatic input filter, > > because of limited access. > > I realize that. But the filter was likely turned on for a reason in > such cases with the goal that all applications running on the server > that need non-standard access to user data will have to be modified to > explicitly access that data through an appropriate filter.
Well, people turn on safe mode just because the name implies that things are safe too - which is wrong. I agree with Ilia, we should not mangle request data by default. It's fine to provide filter functions but the normal post/get/cookie data should be normally available through GET and POST - this is starting to look like another magic_quotes. A bad thing! regards, Derick -- Derick Rethans http://derickrethans.nl | http://ez.no | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
