On Fri, 4 Jul 2025, Tim Düsterhus wrote: > On 7/3/25 18:04, Derick Rethans wrote: > > > The intention behind the filter extension was that admins can set a > > default filter for *all* data coming in through this > > `filter.default` setting as a "safe" fallback. That could/should > > probably even be a > > Genuine question: Is that *intention* documented anywhere? > https://www.php.net/manual/en/function.filter-input.php only makes > factual statements about the behavior, but not how one is supposed to > use them. Similarly > https://www.php.net/manual/en/filter.configuration.php also says that > a default filter can be configured, but not why one would want to do > so.
I've done a bit of archeology, and came up with the following: The SAPI API was designed in 2003: https://github.com/php/php-src/commit/7429c2dc3f72ed9a6a41ccefc68595e76319cdae The extension started in PECL in 2005, and then was moved into the core distribution: https://pecl.php.net/package/filter — unfortunately it seems that the history of the SVN repository was lost. There is some context in the mailing list archive: - https://externals.io/message/25728#25738 - https://externals.io/message/43721 - https://news-web.php.net/php.internals/23064 - https://news-web.php.net/php.internals/23627 There is a comment from Rasmus on why filter keeps the raw information in 2006: https://news-web.php.net/php.pecl.dev/4000 in 2014: https://news-web.php.net/php.internals/74371 cheers, Derick -- https://derickrethans.nl | https://xdebug.org | https://dram.io Author of Xdebug. Like it? Consider supporting me: https://xdebug.org/support mastodon: @derickr@phpc.social @xdebug@phpc.social
