But then everybody will just start using $_RAW_GET instead of $_GET. What will that solve?

This was one of my concerns.

$_RAW_* is easy to grep for, though.

Sure, it can still be abused, but it'll be a lot easier to see WHERE it's being abused. Currently, a grep for $_GET will return a large number of false positives when searching for XSS (because it's the most legit way of finding data entry points).

S

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
