On Fri, Nov 19, 2010 at 8:14 AM, Daniel Convissor <dani...@analysisandsolutions.com> wrote:
> On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote:
>> you can get pwn3d with magic_quotes_gpc = On
>
> That goes without saying. None the less, it will be problematic for PHP
> to disable/remove a "security" feature that some people rely on.

Well then +1 for making the setting throw deprecated PHP startup notifications when turned on with a link to suggested security practices for SQL, exec(), passthru(), and other sensitive functions benefiting from magic quotes. Also throw an E_NOTICE deprecated for the magic_quotes_gpc() function as well for those that check if this setting is on/off.

But please start the movement in the direction that this will be removed in the future.

>
> --Dan
>
> --
> T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
> data intensive web and database programming
> http://www.AnalysisAndSolutions.com/
> 4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php