Hi!

> I saw you voted "no".
> Could you share with us the reason behind it?

I think I did, in my past messages to the list, but maybe I was not
clear. I will repeat in short:

1. I think this RFC does not provide any security improvement, due to
the extreme ease with which the measures in this RFC can be circumvented
by the attacker.

2. I think this RFC provides a false sense of security for people that
create vulnerable code and lets them think it's OK to have variable
includes without adequate safety, since they are "protected" by these
changes.

3. I think it causes a significant BC break, which might be warranted in
case it provides a major improvement in security, but IMO in the light of
the above it does not provide even a minor one.

This is why I vote no and call on everybody to do the same.
-- 
Stas Malyshev
smalys...@gmail.com

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php