Pierre wrote: > On Tue, 14 Mar 2006 07:32:15 -0800 > [EMAIL PROTECTED] (Andi Gutmans) wrote: > >> Yeah that sounds good. Maybe change UPDATE to UPDATING > > First draft commited in: > > php-src / README.UPDATING_TO_PHP6 > > --Pierre >
Hi, A few remarks: This code lacks the emulation for GET variables...? And as I remarked when Hannes Magnusson posted a link to the first version of this code on the list, this method of emulating register globals has severe security implications (way more than an enabled register globals), if $_POST has a key _SESSION it will overwrite the $_SESSION variable, corrupting the session data with user-supplied data. The same applies to $_SERVER. On a first glance, going through variables_order in reverse order and utilizing EXTR_SKIP seems safe, but someone better double-check that. Regards, Stefan -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
