Hi! On 10/13/11 5:06 PM, Rasmus Lerdorf wrote:
I agree that it is slightly messy, but we have painted ourselves into a bit of a corner with the 5.3 mess. Stas, the whole point here is that changing the is_a() default in 5.3 caused huge problems, including security ones, so setting allow_string to false by default fixes that BC
I've read complaints about is potentially causing security problems, but is there code out there that was OK before and has security problem with this change? I mean, a real-life app? I'm thinking maybe we should have this options - but maybe have both defaults set to true? This way if you have buggy code and you absolutely refuse to move to proper code you can easily fix it by putting false where needed, but at least our API is not broken anymore.
-- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
