Andrei,
For you point #7 regarding the session extension. Perhaps we should
make a simple API allowing extensions to register callbacks to execute
on input data. Once request encoding is set, the callbacks can be ran
for GPC input allow extensions (not just session) to do their input
processing in a safe manner. We can even take it a step further and
make it secondary to ext/filter processing, for some security bits.
Ilia Alshanetsky
On 14-May-09, at 12:57 PM, Andrei Zmievski wrote:
Request decoding is one of a few remaining pieces of the Unicode
puzzle. The proposed solution was outlined in a blog post [1] I
wrote a while back. There has been no movement on this front pretty
much since then, but now that 5.3 is wrapping up I want to put some
momentum behind PHP 6. Towards that, I have been working on a patch
that implements the request decoding functionality. The patch [2]
and the notes [3] are linked to below. This is not a final effort by
any means, but I believe the patch is solid and the rest can be done
in a similar manner. Right now, it implements only $_POST, $_GET,
$_FILES, and $_REQUEST decoding. Deciding how to handle $_COOKIES is
the next step, which is mentioned in the notes. Please take a look
and comment.
-Andrei
[1] http://gravitonic.com/2007/02/php-6-and-request-decoding
[2] http://gravitonic.com/dump/request_decoding.patch
[3] http://gravitonic.com/dump/request_decoding.txt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
