Den 2019-10-08 kl. 12:24, skrev Christoph M. Becker:
On 08.10.2019 at 11:44, Björn Larsson wrote:
Den 2019-10-08 kl. 11:00, skrev Claude Pache:
When evaluating the _unique_ cost of migrating legacy code, it should
be balanced with the _continual_ cost of keeping the feature. That
includes:
* People wondering what that strange syntax does, or, worse, mistaking
it with a variation of string literal.
* Difficulty to search occurrences of `shell_exec`.
* People trying to deactivate functions executing external programs
(such as `shell_exec`) using the "disable_function" ini directive,
wondering how to deactivate the backtick operator (since there is no
`disable_operator` directive).
For the third one, one idea could be to extend the current
directive also working for backticks or create a new one.
Would that be an improvement?
<https://www.php.net/manual/en/language.operators.execution.php>:
| The backtick operator is disabled when safe mode is enabled or
| shell_exec() is disabled.
Thanks, then the third point above is not valid I presume.
Cheers //Björn L
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
