ID: 15969 Updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: PHP options/info functions Operating System: Linux PHP Version: 4.1.2 New Comment:
Philip, Thanks for the PHP definition of "deprecated". The American Heritage Dictionary defines it as "To expressly disapprove of; protest or plead against - from the latin deprecari - to ward off by prayer". (I like the latin definition <grin>.) I think the usage in software circles is generally taken to mean "this is going away sometime in the future". In any definition, I reinterate my original statement that I lobby for it never going away, just defaulting to NO with the option to set to YES in the INI (effectively as the php.ini-recommended has it now.) Colin Previous Comments: ------------------------------------------------------------------------ [2002-03-09 14:51:27] [EMAIL PROTECTED] In PHP, deprecated means "Maybe one day it won't work but not sure if/when that'll be exactly, here's why you shouldn't use this..." I assume register_globals will work for awhile, and nobody knows when (or if) it won't (yet). So the question is "When will register_globals not work?" A good question indeed. Not a documentation problem as nobody has the answer, yet. ------------------------------------------------------------------------ [2002-03-09 14:09:21] [EMAIL PROTECTED] See also: import_request_variables() and extract() for ways to deal with this issue. ------------------------------------------------------------------------ [2002-03-09 13:22:58] [EMAIL PROTECTED] I think maybe one of us is missing the point (and it's probably me!). php.ini-recommended says: "Note that register_globals is going to be depracated (sic)(i.e., turned off by default) in the next version of PHP, because it often leads to security bugs." I take this to mean that register_globals will off permanently and cannot be turned back on, even in the INI. But if it means that it will default to OFF but can still be turned ON in the INI, then I have no complaint. This would protect the novice but allow those who understand the implications to turn it on. Although the latter doesn't sound to be any more than how the distribution INIs are written. My issue is not the wisdom of having it ON or OFF, just the wisdom of taking away the option of choosing from the PHP system administrator. Avaliability of functions like that suggested by sniper are fine, but would still take a huge effort to change all the code and the potential is high for breaking any part of it by missing one place to add the function. You comments and thoughts are appreciated. Colin ------------------------------------------------------------------------ [2002-03-09 08:49:13] [EMAIL PROTECTED] As of PHP 4.1.0 there is this function: http://www.php.net/manual/en/function.import-request-variables.php ------------------------------------------------------------------------ [2002-03-09 03:01:27] [EMAIL PROTECTED] Open a dialog about a discussion which relaxes PHP's security badly? Of course it IS the developers fault who are NOT aware of the implications when using register_globals on. There is nothing else the PHP Team can to then make serious default setting of those developers are not able to understand what they are doing. And for you, it's changing one line in the INIs so what? If it's your ISP who decides to let this be disabled by default that it's a good ISP. If that's what you complain about, complain at your ISP (who, honestly, should not relax this feature). ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/15969 -- Edit this bug report at http://bugs.php.net/?id=15969&edit=1
