On Thu, Jun 21, 2012 at 8:47 AM, Pierre Joye <pierre....@gmail.com> wrote:
>> The reason for this situation is that a patch was applied for all
>> branches, and then reverted, because Stas didn't consider the change
>> towards always throwing a warning (even with display_errors=on)
>> appropriate without further discussion.
>
> Well, not sure we have to discuss why such a thing is bad.
> display_errors must be respected.

This kind of very ugly error handling is currently used in several
places. It is meant to protect server administrators that are running
production servers with display_errors=On from leaking information
about encoding issues (which could be valuable to attackers). So the
error is only thrown if it isn't shown to the client but logged
instead. Personally I really don't like this, but I agree with Stas
that this is a security-relevant issue and shouldn't be simply changed
without further discussion.

> 5.3 should be brought in line with 5.4.

So you think that the corrected code should be backed out from PHP 5.3
and the incorrect 5.4/master behavior be restored?

Thanks,
Nikita

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php