Andrei Zmievski kirjoitti:
Ilia Alshanetsky wrote:
Andrei,
For you point #7 regarding the session extension. Perhaps we should
make a simple API allowing extensions to register callbacks to execute
on input data. Once request encoding is set, the callbacks can be ran
for GPC input allow extensions (not just session) to do their input
processing in a safe manner. We can even take it a step further and
make it secondary to ext/filter processing, for some security bits.
This is a good idea. However, we still have the issue of extensions
needing some data from the request before $_POST or $_GET are ever
mentioned in the script, since the decoding is done only at that time.
You just need to call zend_is_auto_global() to trigger the init.
btw. ext/session does only need the stuff in RINIT if session.auto_start is
enabled. Just remove that option. :D
--Jani
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
