> -----Original Message-----
> From: Larry Garfield [mailto:la...@garfieldtech.com]
> Sent: Thursday, November 18, 2010 7:41 AM
> To: internals@lists.php.net
> Subject: Re: [PHP-DEV] Magic quotes in trunk
> 
> On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote:
> > > What are your inputs on this matter?
> >
> > I'm struggling with this topic. We must do something, but it's
> > important to understand that plenty of people unknowingly rely upon
> > this security feature that's still enabled by default. Granted 5.3
> > does generate E_DEPRECATED errors when magical quotes are enabled, but
> > is one minor PHP version of errors enough to go from on to gone?
> >
> > So while those in the know (e.g., people who follow this list) find
> > them annoying and wish they never existed, what are the implications?
> > I'm still unsure how best to handle this situation but wanted to
> > express these feelings now. Whatever the case, the education effort
> > towards data filtering and sanitization requires a lot of improvement.
> >
> > Regards,
> > Philip
> 
> I won't miss magic quotes if they're removed, but I can see the argument for
> saying "not quite yet".  Off-by-default is absolutely necessary if they're kept.
> (Dear god, you mean they aren't off by default already?)

The voice of reason...
As much as I'd like to see magic quotes burning in hell (had the option to kill 
them when they were small, but unfortunately didn't), I'm wondering whether the 
people +1'ing are thinking about the potential consequences to doing this, and 
if they're also volunteering to respond (nicely!!) to the endless complaints, 
flames, and just general "what happened???!!!" mailing list emails that may 
flood us when this happens.  With 6.0, we talked about having prepend-scripts 
that emulate magic quotes available, since like it or not - there are probably 
billions of lines of code out there that rely on the existence of magic quotes.
I don't have a strong opinion on whether we should remove magic quotes 
altogether in 5.4 and provide emulation instructions, or just disable it by 
default as a first step.

Zeev
 

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
