On 22/02/12 15:57, Michael Morris wrote: > Before writing up a full RFC I want to put out a feeler on something. > Currently we have several input parameter objects, chief among them > $_GET, $_POST, $_REQUEST, $_SERVER (for the client HTTP headers). All > of them are arrays and legacy code sometimes writes to them. Locking > them as read only objects would cause a major BC break.
Why would you want to set them read-only? I agree that they should represent the input parameters, but there are times where modificating them is very useful. For instance, a framework code could be modifying $_GET on index.php to strip magic quotes before passing it down to another module. Even better, that code would work even for modules written before supporting that configuration. If the module had used directly such $_PARAMETERS, it would get wrong results. I guess we will start seeing the opposite behavior with 5.4, though: Code doing addslashes() on input parameters before running code which expected magic quotes (maybe at auto_prepend_file, even). But still, it's good to have such ability even if it's something to be avoided. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
