Christian, I suggest that you simply stop arguing with PHP developers about security issues. The problem is that they don't understand them. They are too arrogant. They actually believe they know everything better.
In such a situation there is only one healing. Stop giving them tips and let them run against walls again and again. With the last X releases and the again and again introduced BC breaks and additional security bugs they have pissed off already many of their users. At the moment they are very predictable. You send them a security bug and first they try to tell you that you are totally wrong (because you made a mistake by sending them a non working example). Then you recommend a way to fix it. But don't expect that they are fixing it the way you tell them... They will do something else to prove that they "outsmarted" you. Yeah guess what their fix is of course not a solution and as usual fixes just one of the symptoms. Stefan Esser -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
