Are the £1 hosting companies going to be using 5.4+ any time soon? I'm still coming across hosts who still transition 4.X -> 5.1/2. I think these slow-moving hosts are going to form a natural time delay between any changes now and these changes taking effect on the parts of the user community who this will catch out, which (hopefully) should allow ample time for education and 'getting the word out'.

And also, how far and long do you go to protect people from what is now an ugly/wrong/nasty feature of the language? Unless the proposal to get rid of MQ's is dropped (shudder), it's going to have to go at some point and it would seem daft to try and wait until every app written that requires it to die out. And the longer the feature is on/usable, the more new code written that might rely on it.

Just my 2 cents

James

-----Original Message-----
From: Johannes Schlüter [mailto:johan...@schlueters.de]
Sent: 18 November 2010 09:51
To: Adam Harvey
Cc: Zeev Suraski; Larry Garfield; internals@lists.php.net
Subject: Re: [PHP-DEV] Magic quotes in trunk

On Thu, 2010-11-18 at 15:40 +0800, Adam Harvey wrote:
> Yes, killing magic quotes will likely increase the support workload
> for a time,

I don't think it would increase support workload. Most people won't notice. What happens is that applications which are _a bit_ secure now will continue to run as before but become _completely_ insecure as there, unfortunately, are many users who don't know about the different issues.

Code like

    mysql_query("SELECT id FROM table WHERE name = '".$_GET['name']."'");

is not too easy to exploit right now. As soon as m_q is gone it's trivial to exploit. And people won't notice. And lots of such code exists. Maybe not with internals subscribers, but there are enough people who learned programming just last week using PHP and have the $1 hosting package ... and many of these things live "forever".

I think the default can only be changed in a change which breaks "a lot".

To be clear: I am NOT saying that m_q is secure or safe. But dropping it lowers the bar quite a lot.

johannes, who said this in multiple threads before ;-)

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
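
The query pattern quoted in the message above, next to a bound-parameter version that does not depend on magic quotes. This is an added example, not code from the thread: it assumes the pdo_sqlite extension and an in-memory SQLite database so that it runs without a server, and the table, rows, function names and input value are constructed.

```php
<?php
// Added example, not code from the thread. Table, rows and the input are constructed.
// Assumes the pdo_sqlite extension; the snippet in the thread targets MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Reilly')");

// Query built by concatenation, the pattern quoted in the message.
function lookupConcat(PDO $pdo, string $name): string
{
    try {
        $row = $pdo->query("SELECT id FROM users WHERE name = '" . $name . "'")->fetch();
        return $row ? "id={$row['id']}" : 'no match';
    } catch (PDOException $e) {
        // The quote in the data ended the SQL string literal early.
        return 'SQL error: the input changed the statement';
    }
}

// Bound parameter: the value is sent as data and never becomes SQL text.
function lookupBound(PDO $pdo, string $name): string
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch();
    return $row ? "id={$row['id']}" : 'no match';
}

$name = "O'Reilly"; // stand-in for $_GET['name']: ordinary data containing a quote

echo "concat, raw input:  ", lookupConcat($pdo, $name), PHP_EOL;
// magic_quotes_gpc ran the equivalent of addslashes() on request data.
// Backslash escaping is understood by MySQL but not by SQLite, so the
// same "protection" still leaves the statement broken on this engine.
echo "concat, addslashes: ", lookupConcat($pdo, addslashes($name)), PHP_EOL;
echo "bound parameter:    ", lookupBound($pdo, $name), PHP_EOL;
```

Only the bound-parameter lookup behaves the same whether magic quotes are on or off, which is why code written that way is unaffected by the removal being discussed.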