This configuration encourages bad development practice and in doing so encourages SQL injection vulnerabilities in PHP applications developed on Ubuntu.
magic_quotes_gpc offers no protection against sophisticated injection attacks, and enabling it only serves to give novice developers a false sense of security. Developers who see that it is enabled are less likely to consider using practices that are guaranteed to prevent injection vulnerabilities. The feature only still exists for legacy compatibility, and enabling it by default is an illogical and dangerous mistake which should be corrected as soon as possible. It is a disservice to the developer community to wait for PHP 6 to fix this problem.

--
PHP should be shipped with magic_quotes_gpc = Off in php.ini
https://bugs.launchpad.net/bugs/204479
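An added example, not part of the original bug report: it contrasts a query that relies on magic quotes with one that uses a bound parameter, for a value used in a numeric context. The `accounts` table, its rows, the input value and the function names are constructed for illustration, and `addslashes()` stands in for `magic_quotes_gpc = On`, which applied the same escaping to GET, POST and cookie data.

```php
<?php
// Added example. magic_quotes_gpc is emulated with addslashes(), the
// escaping it applied to request data. Schema and input are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT)');
$db->exec("INSERT INTO accounts (owner) VALUES ('alice'), ('bob'), ('carol')");

// Before: trusts the escaped value and concatenates it into the SQL text.
// Nothing constrains $id to a number, so it is parsed as part of the query.
function lookup_concat(PDO $db, string $id): array
{
    return $db->query("SELECT owner FROM accounts WHERE id = $id")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed and the value travels as a bound parameter,
// so it is only ever compared against the id column.
function lookup_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT owner FROM accounts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request value: it contains no quote, backslash or NUL byte,
// which are the only characters addslashes() touches.
$raw    = '1 OR 1=1';
$quoted = addslashes($raw);

printf("escaping changed the input: %s\n", $quoted === $raw ? 'no' : 'yes');
printf("concatenated query rows:    %d\n", count(lookup_concat($db, $quoted)));
printf("bound-parameter query rows: %d\n", count(lookup_bound($db, $quoted)));
printf("bound-parameter, id '1':    %d\n", count(lookup_bound($db, '1')));
```

The row counts show whether the input changed the shape of the `WHERE` clause or was treated as a single value.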