On Thu, Aug 8, 2019 at 10:35 PM Zeev Suraski <z...@php.net> wrote: > > > On Thu, Aug 8, 2019 at 9:10 PM Bishop Bettini <bis...@php.net> wrote: > >> On Tue, Aug 6, 2019 at 7:34 AM G. P. B. <george.bany...@gmail.com> wrote: >> >> > The voting for the "Deprecate short open tags, again" [1] RFC has begun. >> > It is expected to last two (2) weeks until 2019-08-20. >> > >> > A counter argument to this RFC is available at >> > https://wiki.php.net/rfc/counterargument/deprecate_php_short_tags >> > >> > Best regards >> > >> > George P. Banyard >> > >> > [1] https://wiki.php.net/rfc/deprecate_php_short_tags_v2 >> >> <? is a security risk today, just as much as it was then. Remember in 2007 >> when Facebook's source code leaked precisely because of this [1]? >> > > Where's the evidence that it was precisely or even remotely because of > this? >
I'd like to add that looking at the source code[1] from the leaks, it appears to be using long tags - which means that if it is authentic - short tags were not the source of the leak. Also, there was a Perl leak[2] from Facebook as well. It's a bit difficult to blame short tags for that one. Zeev [1] https://gist.github.com/nikcub/3833406 [2] https://gist.github.com/philfreo/7257723
