On Thu, Jul 5, 2018 at 10:42 PM, Kalle Sommer Nielsen <ka...@php.net> wrote:
> Den tor. 5. jul. 2018 kl. 22.22 skrev Stanislav Malyshev < > smalys...@gmail.com>: > > > > Hi! > > > > > After looking into this, I think that FILTER_SANITIZE_MAGIC_QUOTES may > be a > > > legitimate filter, which just has a bad name. Next to other filters > that > > > perform htmlspecialchars and urlencode, it makes sense that there is > also a > > > filter that performs addslashes. Maybe we should just rename this > filter to > > > something which is not tainted by the "magic quotes" terminology? > > > > Makes sense. There's nothing specially evil in addslashes if used in > > appropriate context. Also, for those that are newer to PHP, "magic > > quotes" means very little. So it's a bad name from various perspectives. > > Having something like FILTER_SANITIZE_ADD_SLASHES would be fine. > > Thinking some more about it, I kinda agree with the sentiment and I > think a rename is much better as it doesn't really hurt. We could add > an alias constant instead and provoke an E_DEPRECATED if the old one > is used (given we don't give the filter the same numeric value). > Sounds reasonable to me. My only question would be when we would start emitting the deprecation notice. I'm not a fan of deprecating things in the same release as the alternative is introduced, so I would suggest to add the new alias in PHP 7.3 and perform the deprecation in PHP 7.4. Nikita
