On 23-Oct-06, at 4:48 AM, Stefan Esser wrote:
> Hi,
>
> I just wanted to remind you that PHP 5.2.0 will be released with broken
> and inconsistent input filtering.
>
> Right now _SERVER is only passed through the input filter for apache 1
> SAPI. All other SAPIs do not pass _SERVER variables through the filter.
>
> This will be a major headache for people using ext/filter etc...

In some SAPIs such as CLI it makes little sense to filter $_SERVER in
the majority of cases. As a whole I do not believe $_SERVER in its
entirety needs to be filtered, given that at least 1/2 the data there
is not based on user input. My suggestion is that people use the
filter_var() function to filter components of the $_SERVER
super-global that they are using.

That said, in a future release there are plans to extend support to
Apache 2 and cgi/fcgi SAPIs as well as add handling for $_REQUEST.

Ilia Alshanetsky
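
The per-component filtering suggested in the reply above, as an added example that is not part of the original message or of PHP's own code. The helper name filter_server_components(), the choice of keys, the rules and the sample values are assumptions made for illustration.

```php
<?php
// Added example. $sampleServer is constructed input standing in for $_SERVER
// under a SAPI that does not pass it through the input filter.
$sampleServer = array(
    'REMOTE_ADDR'     => '203.0.113.7',
    'CONTENT_LENGTH'  => '128',
    'HTTP_HOST'       => 'example.test"><script>',
    'HTTP_USER_AGENT' => "Mozilla/5.0\r\nX-Injected: 1",
    'DOCUMENT_ROOT'   => '/var/www/html', // set by the server, left untouched
);

/**
 * Filter only the request-derived $_SERVER keys the application reads
 * (hypothetical helper). Returns key => clean value, or null when the
 * key is missing or fails validation.
 */
function filter_server_components(array $server)
{
    $rules = array(
        'REMOTE_ADDR'    => array('filter' => FILTER_VALIDATE_IP),
        'CONTENT_LENGTH' => array(
            'filter'  => FILTER_VALIDATE_INT,
            'options' => array('min_range' => 0),
        ),
        // Hostname with optional port; anything else is rejected.
        'HTTP_HOST' => array(
            'filter'  => FILTER_VALIDATE_REGEXP,
            'options' => array('regexp' => '/^[A-Za-z0-9.-]{1,253}(:\d{1,5})?$/D'),
        ),
        // Free text: keep it, but strip control characters (CR/LF included).
        'HTTP_USER_AGENT' => array(
            'filter' => FILTER_UNSAFE_RAW,
            'flags'  => FILTER_FLAG_STRIP_LOW,
        ),
    );

    $clean = array();
    foreach ($rules as $key => $rule) {
        if (!isset($server[$key])) { $clean[$key] = null; continue; }
        // filter_var() takes 'options' and 'flags' in its third argument.
        $opts  = array_diff_key($rule, array('filter' => 1));
        $value = filter_var($server[$key], $rule['filter'], $opts);
        $clean[$key] = ($value === false) ? null : $value;
    }
    return $clean;
}

var_dump(filter_server_components($sampleServer));
```

With the constructed input, HTTP_HOST comes back as null because it fails the hostname pattern, and the CR/LF pair is stripped from HTTP_USER_AGENT.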