On Mon, Oct 17, 2011 at 12:59 AM, Stas Malyshev <smalys...@sugarcrm.com> wrote:
> Yes, the security problem was present before the fix was applied

No, it was not. See the examples in the links I pasted earlier.

The code was safe, under controlled context, before this change was applied. With the change the code becomes unsafe under uncontrolled context. That's not acceptable and besides the BC break, it introduces a security flaw. As stated many times, by many persons, in the previous discussion(s).

Cheers,
--
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php