At 12:29 15/08/2005, Derick Rethans wrote:
I think changing register_globals to a different name is a silly idea. You're only making things harder here. Perhaps you forgot that Rasmus was always advocating that register globals is a good thing, but now he actually wants to get rid of it after he saw the enourmous amounts of problems it caused regarding the security of our users' webapps.
Are you kidding me, how can I forget? I lead the effort to turn this darned thing off 3 or 4 years ago. I remember all too well how difficult it was, and the headaches it caused when it was done, but it was worth it. It doesn't mean I think we can just make it disappear without providing users with an upgrade path that does not include auditing their entire codebase. Yes, a script in userspace (bundled and without dependencies) is acceptable.
Not supporting him here in getting rid of this extremely (off-by default) horrid feature is definitely the way forward.
I think you negated yourself once too many :) Zeev -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
