Hello Derick,

Wednesday, February 2, 2005, 10:30:39 PM, you wrote:

> On Wed, 2 Feb 2005, Rasmus Lerdorf wrote:

>> Ilia Alshanetsky wrote:
>> >> Looking at my code here, it would actually be trivial to expose the
>> >> raw data as superglobals, but what do we achieve then?  We are simply
>> >> renaming $_GET to $_GET_RAW or something like that?  If you don't want
>> >> any filtering to be done by default, simply don't turn it on.
>> >
>> >
>> > In many cases it may not be possible to turn off automatic input filter,
>> > because of limited access.
>>
>> I realize that.  But the filter was likely turned on for a reason in
>> such cases with the goal that all applications running on the server
>> that need non-standard access to user data will have to be modified to
>> explicitly access that data through an appropriate filter.

> Well, people turn on safe mode just because the name implies that things
> are safe too - which is wrong. I agree with Ilia, we should not mangle
> request data by default. It's fine to provide filter functions but the
> normal post/get/cookie data should be normally available through GET and
> POST - this is starting to look like another magic_quotes. A bad thing!

Besides that, turning it on by default could turn out to become a major BC.

regards
marcus

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
