On Wed, Apr 26, 2017 at 1:19 PM, Anatol Belski <a...@php.net> wrote:
> What I'd basically avoid is making changes in stress,
> as there might be other beyond places and we shouldn't
> risk to introduce more breach than there already is.
> Instead, that requires a cold head and a lot of QA 😉
>
Which is precisely why I'm advocating reverting the whole lot.  I've
just sat down to try to at least address the mysqli_connect part and
it's hairy.  Basically we've built in precisely the kind of bad
assumption that I was initially grousing about frameworks having done.

I don't mean to ignore the security issue presented by 74216, I just
recognize that my initial fix was made hastily and we should allocate
more time to fix it properly (with all that lovely QA and testing).

-Sara

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
