ID: 15969 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] -Status: Open +Status: Bogus Bug Type: Feature/Change Request Operating System: Linux PHP Version: 4.1.2 New Comment:
Open a dialog about a discussion which relaxes PHP's security badly? Of course it IS the developers fault who are NOT aware of the implications when using register_globals on. There is nothing else the PHP Team can to then make serious default setting of those developers are not able to understand what they are doing. And for you, it's changing one line in the INIs so what? If it's your ISP who decides to let this be disabled by default that it's a good ISP. If that's what you complain about, complain at your ISP (who, honestly, should not relax this feature). Previous Comments: ------------------------------------------------------------------------ [2002-03-08 23:33:46] [EMAIL PROTECTED] We love PHP and our business relies upon it. I want to lobby for NOT deprecating register_globals in future releases. This will break a huge amount of code we have written and involve a major effort in repairing it, if register_globals is permanently set to NO. I thoroughly agree with all your security issues and any new code should be written on the assumption that it is set to NO. But ultimately it should be left to the user to decide whether or not to enable it, not have it dictated to him. All this IMHO, but I hope you will open a dialog to see how others feel about it. Thanks, Colin PS. I realize this is not a bug but couldn't find a better place on the web site to express my opinion. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=15969&edit=1
