Hi,

On 15/09/2015 17:09, Craig Francis wrote:
> But I think you will find it hard to get support... I was pushing this a few weeks ago (either the one from Wietse Venema, the one from Matt Tait, or even my own suggestion), but it seems the developers are more interested in features that make them seem clever, rather than pointing out their mistakes...

Mmh... you're probably right in some cases, but I will consider anybody coming with a *working* taint system as *very* clever. :) (and where are the mistakes?)

My opinion is similar to Anthony's: I'm not worried about false positives, but implementing a system that gives the user a wrong feeling of security is definitely a no-go. So, IMO, the 'untaint' logic still requires a lot of work and, I may be wrong, but I'm afraid there's no quick and easy solution for this.

Regards

François

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
