Jordan Moore wrote:
So, what if an ISP (webhost) enables taint functionality, and a developer uses a PHP library that uses custom filter functions for filtering data. Will this developer see messages displayed on his PHP application even though filtering is being done?
Correctly implemented filtering library would untaint the data, of course. One of the TODOs might be providing API making easier to write such library.
-- Stanislav Malyshev, Zend Products Engineer [EMAIL PROTECTED] http://www.zend.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
