Hi,

On Mon, 2008-12-08 at 16:03 +0000, Richard Quadling wrote:
> But I also understand it is pretty shitty to miss a 1 liner (magic
> quotes removed) and find everything broken and then to be told
> RTFM/RTFCL.

There's a difference between this and other breaks: most other BC breaks
change the behavior in a way you can easily spot; the magic_quotes issue
will only be spotted when actually testing for it - using the PHP app as
it is supposed to be used will work like a charm. Only when adding " or ' do
you get an SQL error ... which is a big security issue (which again is
different from other BC breaks, which just result in non-working code).

I don't say stuff relying on magic_quotes is safe, but kicking it will
open up way more attack vectors... :-(

johannes


-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
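
The silent failure described in the message above, as an added example that is not part of the original post or of PHP's own code: the same concatenated query is built with and without emulated magic_quotes escaping, then with a bound parameter. The function names, table, column and sample inputs are constructed for illustration, and the quoting check assumes MySQL-style backslash escapes.

```php
<?php
// Added example. Emulates magic_quotes_gpc, which ran addslashes() over
// GET/POST/COOKIE values before the script saw them.
function request_value(string $raw, bool $magicQuotes): string
{
    return $magicQuotes ? addslashes($raw) : $raw;
}

// Legacy pattern: concatenation that only worked because input arrived
// already escaped. Table and column names are hypothetical.
function legacy_query(string $name): string
{
    return "SELECT id FROM users WHERE name = '" . $name . "'";
}

// Assumes MySQL-style backslash escapes. Drops every escaped character, then
// checks that only the two quotes delimiting the literal remain.
function literal_is_closed(string $sql): bool
{
    $unescaped = preg_replace('/\\\\./s', '', $sql);
    return substr_count($unescaped, "'") === 2;
}

$samples = ['alice', "O'Brien"];   // constructed inputs
foreach ([true, false] as $magicQuotes) {
    foreach ($samples as $raw) {
        $sql = legacy_query(request_value($raw, $magicQuotes));
        printf("magic_quotes=%-3s %-6s %s\n",
            $magicQuotes ? 'on' : 'off',
            literal_is_closed($sql) ? 'ok' : 'BROKEN',
            $sql);
    }
}

// Replacement that does not depend on the setting: bind the raw value.
// Uses an in-memory SQLite database through PDO (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (?)');
$select = $db->prepare('SELECT id FROM users WHERE name = ?');
foreach ($samples as $raw) {
    $insert->execute([$raw]);
    $select->execute([$raw]);
    printf("bound %-8s -> id %d\n", $raw, $select->fetchColumn());
    $select->closeCursor();
}
```

Only the quote-bearing input distinguishes the two settings, so a regression test for this change has to include one; the plain input passes either way.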
