Ilia Alshanetsky wrote:
Andrei,
For you point #7 regarding the session extension. Perhaps we should make
a simple API allowing extensions to register callbacks to execute on
input data. Once request encoding is set, the callbacks can be ran for
GPC input allow extensions (not just session) to do their input
processing in a safe manner. We can even take it a step further and make
it secondary to ext/filter processing, for some security bits.
This is a good idea. However, we still have the issue of extensions needing some data from
the request before $_POST or $_GET are ever mentioned in the script, since the decoding is
done only at that time.
-Andrei
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
