Hi!

You may have heard about the so-called “Magellan vulnerabilities”[1] which potentially affect scripts which allow untrusted users to execute almost arbitrary SQL queries. BohwaZ provided a pull request[2] which introduces an ini setting which enables defenses built into SQLite ≥ 3.26.0 against the corruption of tables via SQL.

In my opinion, adding this ini setting to PHP-7.4 is a no-brainer, but I suggest that we backport it to PHP-7.2 as well. And likely we should offer something of this kind for PDO as well. Not sure if a driver-specific ini setting would be suitable. Suggestions welcome!

Thoughts?

[1] <https://blade.tencent.com/magellan/index_en.html>
[2] <https://github.com/php/php-src/pull/3709>

--
Christoph M. Becker

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php