Hi Johannes:
On Thu, Nov 18, 2010 at 05:25:49PM +0100, Johannes Schlter wrote:
>
> > 2) Error out if using CGI or web SAPI and one of the following is true:
> > a) php.ini does not contain "magic_quotes_gpc = Off"
> > b) php.ini contains "magic_quotes_runtime = On"
> > c) php.ini contains "magic_quotes_sybase = On"
> > d) php.ini does not exist
>
> d) is no option.
Yeah, I hear you and figured there would be objection.
At the same time, for server administrators, isn't knowingly creating one
file with "magic_quotes_gpc = Off" in it a very low hurdle compared to
unknowingly getting pwn3d and then having to clean up that mess later?
If this isn't acceptable, let's come up with some other fail-safe options.
Thanks,
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
