Hi! On 10/16/11 2:14 PM, Pierre Joye wrote:
We have discussed that already on security, I barely see a reason to begin this discussion again. There is a clear possible security problem, clearly identified and not present before this "fix" was applied. It is easy to fix and does not make PHP worst or better than what it is now but only ensure that there is no BC, or new security issues.
Yes, the security problem was present before the fix was applied, and we discussed it on security where I repeatedly pointed out that this code has security hole regardless of any changes in PHP, the change only adds one scenario where it can be exploited, but there are many others.
It definitely makes PHP worse by propagating inconsistent APIs. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
