Yeah,

+1 for remove!

-----
Uwe Schindler
theta...@php.net - http://www.php.net
NSAPI SAPI developer
Bremen, Germany


> -----Original Message-----
> From: kalle....@gmail.com [mailto:kalle....@gmail.com] On Behalf Of Kalle
> Sommer Nielsen
> Sent: Wednesday, November 17, 2010 5:09 PM
> To: Internals
> Subject: [PHP-DEV] Magic quotes in trunk
> 
> Greetings
> 
> I wanted to raise this topic before we go Alpha with trunk, regarding our
> beloved magic_quotes feature. There seem to be mixed opinions regarding it
> so I thought I would take it up for discussion.
> 
> We have advised people not to use magic_quotes, register_globals and the like
> for years, and they were marked as deprecated in 5.3.0+ if activated through
> their php.ini directives. Yet magic_quotes still is set to "On" in 5.3.0. I think it's
> worth we either remove the feature or disable it in trunk as it's a security
> related feature. Let's have a look at what each of those options means:
> 
> Removing magic_quotes):
> Means we will remove the feature entirely in the source, we will throw an
> E_CORE_ERROR if activated so people who have it enabled are forced to
> disable it and make their applications work without magic_quotes.
> This creates a minor issue for the hosts that simply disable it and have their
> customers' applications run without them which can create a security risk for
> them, although it should be fairly limited. The functions to check for
> magic_quotes_runtime should however stay for BC to avoid applications that
> run on multiple versions of PHP from doing:
> if(function_exists('...') && ...)
> 
> Disabling them):
> This will help to disable the spread of magic_quotes even more, and it can
> safely be removed in the next major version of PHP.
> 
> 
> My personal vote here goes towards removing them entirely.
> 
> 
> What are your inputs on this matter?
> 
> --
> regards,
> 
> Kalle Sommer Nielsen
> ka...@php.net
> 
> --
> PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit:
> http://www.php.net/unsub.php


