In my opinion a big change like droping something that was and still
used by many people are a "security measure", albeit a poor one is
something that can only be done in a major release.
On 8-Dec-08, at 10:47 AM, Johannes Schlüter wrote:
Hi,
let's take this to a new thread so it'S not hidden in other
discussions:
On Mon, 2008-12-08 at 16:06 +0100, Hannes Magnusson wrote:
I do not think it is necessary for 5.3. It is an alpha release after
all and seriously, anyone who plans to move to 5.3.0 and still
relies on magic quotes gpc is likely to have more issues as well.
Time to turn it off by default then?
Getting rid of magic_quotes would be really nice but has a very big
"BUT".
Many things (I won't call it "applications" or something...) out there
are accidentially more or less safe due to magic_quotes. Many of these
things were written by people with, at most, basic understanding of
the
what they are doing and now are running at some random hosting company
on a $9.99/year (no idea what today's prices are)
When dropping magic_quotes the hosting company can do one of two
things:
a) not update to 5.3 so we either have to maintain 5.2 for some time
or
let them have problems
b) update to 5.3. Doing that means they break many of there customer's
code. Now they could add a default filter to add quotes again, what's
the win? Except that it will break magic_quotes-compatible code and
makes it harder to detect?
People won't fix the code - the code was "developed" by some web
design
company 5 years ago and nobody touches the site anymore and there's no
maintenance contract between the design company and the site owner
anymore...
The only way I see for getting rid of magic_quotes is with a version
which will require people to touch the code anyways and with a big
"marketing campaign" so I think PHP 6 is a way better time for that
even
so I'm really annoyed by it when doing stuff myself...
Comments and other views are welcome,
johannes
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
