Pick 10 random PHP apps out there and go through them. With very, very few exceptions, 10 out of 10 will be insecure. And the blame here is not just on the developers of those applications; we are partially to blame for not providing enough tools and guidelines. This is what I am trying to rectify with minimum impact to the existing code and the way people do things. Some of your suggestions are good, but some just aren't feasible. For example, it would be difficult to implement your idea of only letting data through if a filter was assigned to it and having those filter assignments happen in the scripts themselves, since that is too late in the game. It could be hacked, but it would be ugly and complex. Having just a single optional default filter per request is simpler to manage and implement.
We could filter the superglobals at run-time. There are two options:
a) Go over the superglobals and filter each one.
b) If the superglobal JIT thingy works (which I think it does) then you could set a flag before using the first superglobal and it would happen JIT.
I'd probably prefer (a) though.
Andi
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php