Hi, 2012/4/10 Arvids Godjuks <arvids.godj...@gmail.com>: > I have a question - does it really bother people to type the <?php tag? I > kind*a don't do that for how long, 4-5 years? Every IDE and every damn > decent code editor does that for you. Hell, they even can create a template > file for you! > Some arguments are just plain silly. > > The point about file include attacks on the other hand is valid. Including > code without the <?php tag does protect from things like uploading an image > and exploiting a vurnelable include to execute the code. On the other hand > you have the problem of BC and libraries with the <?php tag everythere - I > haven't seen any real discussion about this. And beleve me, this will be > the "WTF?!".
I agree. Therefore, current behavior is the default. If newer code written with a little care, the code is compatible for both embedded and non-embedded modes. Those who are not willing to write opening TAG, it is possible a single ini_set() or command line option, too. https://wiki.php.net/rfc/nophptags Comments are welcome. Regards, -- Yasuo Ohgaki yohg...@ohgaki.net > > PHp native templates are also a big factor, i personally do not use any > template engine - plain php is pretty damn good if combined with good tools > (in my case Yii framework provides great stuff to work with). > > The most thing i fear that changing this will add a false sence of > security. If you include a file based on a route (witch we usually do) - > you have to check your input tripple-time and make sure it does not try to > point elsewhere. If not, the people out there will find a way to use thet > vurneability, it just would not be a. gif file, but something else. Not to > say some just configure to run any file as a PHP file. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
