On 23/07/2019 21:58, Stanislav Malyshev wrote:
I think nicer would be to explain why we need second RFC and what it adds to the previous one. If I didn't get some context, please explain.
The previous one, as written, carried a high probability of silently leaking both code and data, but these arguments against it only gained prominence after the RFC had already passed.
V2 remedies that by maintaining default INI behaviour, as well as nullifying the possibility of code / data leaks by throwing a compiler exception if <? is encountered (and enabled), thus denying the VM an opportunity to execute a file which contains potentially leaky code.
If short tags are to be removed, V2 is a significantly more reasonable way of going about it.
-- Mark Randall -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
