On Thu, Apr 12, 2012 at 5:55 PM, Arvids Godjuks <arvids.godj...@gmail.com> wrote:

> I should point out that if you make up your mind about a feature - you will
> twist and turn it like hell, but you can't be convinced that it may make
> more damage than good, or is just plain pointless because out there in the
> wild the world actually is wild. And people do things differently for a
> reason.
>
> I'm not trying to offend you or shame you, but you just ignore half valid
> arguments. I personally get a feeling that you don't do PHP development on a
> regular basis, because for me, as a userland php developer, some things you
> write are ridiculous and I would expect them from a beginner, a person
> coming from a different language, but sure not from a serious seasoned PHP
> developer.
>

I think a big part of the problem you're having stems from that mindset. I've been developing PHP for over 10 years now and it is my primary language. I've deployed more PHP applications and environments than I can count over the years on both Linux and Windows. I'd say probably 95% of the coding I do at work is PHP, about 99% of the work I do at home is PHP. I'm not claiming to be better or worse at PHP than anyone else (my resume notwithstanding lol).

The point is, you're assuming that, because my perspective and my ideas differ from what you believe to be acceptable, I therefore must be ignorant or otherwise unqualified. That's a very dangerous mindset to have in any endeavor and I would strongly encourage you to do some serious soul-searching on that, because you're only hurting yourself when you think that way.

As for me ignoring arguments, I think you should go back through some of these threads. I've gone to a lot of trouble to respond to individual points. I'm sure I've probably missed a couple here and there amidst the sheer volume, but for the most part I think I've done pretty well. However, I think you're confusing failure to *hear* an argument with failure to *agree* with an argument.
If I disprove or even just counter somebody else's argument, that doesn't mean I'm "ignoring" it. Quite the opposite, in fact. ;P

> This hassle with the php tags, special extensions, optional php.ini
> options will make my life harder. Why? Because two hosters will be able to
> configure their environments differently. Who suffers? I suffer the
> consequences of that by working at 3am Saturday morning and probably
> getting into a fight with my wife about that. And getting fired if I refuse
> to fix issues.
>
> I understand the concerns about the LFI or how it is called, but as many
> people mentioned, it's how the code is written. And if code is written badly
> - you can't do anything about it on the language level without restricting
> writing the code in the first place.
>

You seem to be grouping me in with some other people, because a lot of what you just described hasn't been proposed or even supported by me. For example, you stated that, "as many people have mentioned," LFI security comes down to how the code is written. Yeah, I know, because I'm one of those people who stated that. Right here. On Internals. I took a little bit of heat for it, too. I believe I summed up the principle as, "A programming language can only be as smart as the person using it."

That said, you'll notice that I didn't lodge any personal attacks at the person who suggested it. But I was nonetheless assertive and forceful in my arguments against it. That's where the difference lies. You can reduce somebody else's argument to a pile of dust without ever having to even hint at a personal attack; I do it all the time lol.

> Those people that went for the include modification with the second
> optional param are on the right track - you give the people the ability and
> they will use it (I will).
>
> If someone could take all the energy wasted here and put to work on
> drastically improving PDO - that would be a real benefit to everyone. Cause
> right now pdo just sucks, a lot.
> On 13.04.2012 2:07, "Kris Craig" <kris.cr...@gmail.com> wrote:
>
>> On Thu, Apr 12, 2012 at 5:02 PM, Arvids Godjuks <arvids.godj...@gmail.com> wrote:
>>
>>> You all know where the short_tags, register_globals, magic_quotes and
>>> other stuff like that took the language and the problems it made.
>>> Doesn't history teach us a lesson? I see that it did not for some active
>>> members of this list.
>>> Many are still cleaning up the mess of those optional php.ini
>>> directives, I had to clean up myself one project, took me 2 months to
>>> properly fix it and make it run on PHP 5, anyway we ended up rewriting
>>> the whole thing from scratch, a year of day to day work.
>>> Now I write my stuff E_ALL, including strict stuff and I know for a fact
>>> that there is no php.ini switch that could screw up my applications on
>>> different hosting platforms (yes, some minor things can happen in
>>> specific situations, but any properly configured PHP 5.3/5.4 will run
>>> smooth). And now you propose to add a switch that in one line can
>>> disable the application for good (and get its sources spit out all over
>>> the place).
>>> And even if I write it in the right way - I have to convert every damn
>>> external library. Ok, I upload it to the host and guess what - it spews
>>> the code out because it is configured for the <?php tag!
>>>
>>> It will never get adopted, too much legacy stuff, too many external tools.
>>> And php native templates? I don't need any twig, smarty or any other
>>> stuff.
>>> And guess what - most template engines cache compiled templates, and they
>>> are - ta-daa - PHP EMBEDDED IN HTML CODE!
>>>
>>> Common sense is alien to some people on this list or what?
>>>
>>
>> As is civility and basic mutual respect, it would seem.