Hi, Tom's FRC is trying to introduce tag less PHP script. However, it does not fix well known PHP vulnerability. i.e. LFI/RFI IMHO, this change introduce more complexity and do not solve any problem.
Making PHP tag a non mandatory would solve the well known vulnerability and do not introduce any new function. It's also fully compatible to existing codes. https://wiki.php.net/rfc/nophptags There would be many developers/administrators who would like to be protected from code like "include $_GET['var']". nophptags RFC protects systems from this kind of fatal vulnerable codes. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
