On 11/18/10 8:25 AM, Johannes Schlüter wrote:
> Hi,
>
> On Thu, 2010-11-18 at 11:20 -0500, Daniel Convissor wrote:
>> Disabling magic quotes by default leads to the same confusion and security
>> issues as removing them completely.
>
> ACK
>
>> But, we can remove magic quotes
>> completely if we add a fail safe mechanism. Here are two potential
>> options:
>>
>> 1) Add taint support (http://news.php.net/php.internals/37209) and enable
>> it by default. This provides other security benefits, too.
>
> replace one magic which proved to be bad with another magic ...

Plus the performance hit of the taint patch is rather nasty.

-R