Well, people turn on safe mode just because the name implies that things are safe too - which is wrong. I agree with Ilia, we should not mangle request data by default. It's fine to provide filter functions but the normal post/get/cookie data should be normally available through GET and POST - this is starting to look like another magic_quotes. A bad thing!
Well, this is already in 5.0 via the input filtering hook. This is simply a public implementation of that hook. As far as I am concerned the only correct place to put a macro filter is before the data even gets to PHP and various corporate-wide security policies mandate this, or will mandate something like this in the near future. I'd like to be ahead of the curve and not behind it.
You guys can write your own implementation and put it in PECL alongside the one I am putting in there and we can decide if any of them should be bundled by default. Perhaps none of them should, but like it or not, people want to filter at this level and the extension to satisfy this need will be available to them in PECL.
-Rasmus
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
