Could we maybe stop running around in circles?
Its obvious that the input filter is for sysadmins only. Its not a developer tool, nor does it replace developer responsibilities. Since its an admin tool it will likely only be of interest on controlled servers. Think of them as a firewall equivalent like Rasmus pointed out a while back.
Obviously sys admins in these controlled environments dont need this be in by default but have no problem getting this feature from PECL. Therefore we are somewhat safe from stupid sys admins who use this as a generic security feature to hassle their shared users with.
Anyways once we agree this should go into PECL and not PHP 5.1 everything becomes easy. Since now we dont need to talk about this in internals but instead we can just go to Wez and ask him if its welcome in PECL or not.
Then we can discuss the important topic of more developer tools for security (tain model, sandboxing, convinient filter and escaping API) for PHP 5.2.
regards, Lukas
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
