Rasmus Lerdorf wrote:
I'm not convinced that escaping environment data is the correct thing to do in the first place, and I would like to change php to not escape env vars if magic_quotes_gpc is on. Any opinions on this?


This changed somewhere along the line then. Originally magic quotes only touched GPC data. I never noticed it also did it to the environment and I'd consider that to be a bug.

-Rasmus


Hmm, actually, *any* variable passed through php_register_variable() will get escaped if magic_quotes_gpc is on, regardless of what array it is getting registered into, so this affects _ENV, _SERVER and _FILES in addition to _GET, _POST and _COOKIE. I also don't know if any other stuff happens to use php_register_variable that may not want escaping.


Shane


-- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
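
The behaviour discussed in this thread, as a small C model added here for illustration (not PHP's own source): escaping applied to every registered value corrupts environment data such as a Windows path, while escaping only GET/POST/cookie input leaves it intact. The names `enum source`, `copy_value`, `register_blind` and `register_gpc_only` are hypothetical, and the sample values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical source tags for this model; not PHP identifiers. */
enum source { SRC_GET, SRC_POST, SRC_COOKIE, SRC_ENV, SRC_SERVER, SRC_FILES };

/* Copy a value, optionally with addslashes()-style escaping: ', " and \
 * each get a leading backslash. (PHP's addslashes also escapes NUL bytes,
 * which a C string cannot carry.) Caller frees the result. */
char *copy_value(const char *in, int escape)
{
    char *out = malloc(2 * strlen(in) + 1);   /* worst case: every byte escaped */
    char *p = out;
    if (!out) return NULL;
    for (; *in; in++) {
        if (escape && (*in == '\'' || *in == '"' || *in == '\\'))
            *p++ = '\\';
        *p++ = *in;
    }
    *p = '\0';
    return out;
}

/* Behaviour described in the thread: escape whenever magic quotes is on,
 * whatever array the value is being registered into. */
char *register_blind(const char *val, enum source src, int magic_quotes)
{
    (void)src;                                /* source is never consulted */
    return copy_value(val, magic_quotes);
}

/* Source-aware variant: escape only GET, POST and cookie data. */
char *register_gpc_only(const char *val, enum source src, int magic_quotes)
{
    int is_gpc = (src == SRC_GET || src == SRC_POST || src == SRC_COOKIE);
    return copy_value(val, magic_quotes && is_gpc);
}

int main(void)
{
    const char *env_val = "C:\\Program Files\\PHP";   /* constructed sample */
    const char *get_val = "O'Reilly";                 /* constructed sample */
    char *a = register_blind(env_val, SRC_ENV, 1);
    char *b = register_gpc_only(env_val, SRC_ENV, 1);
    char *c = register_gpc_only(get_val, SRC_GET, 1);
    printf("_ENV blind:    %s\n_ENV GPC-only: %s\n_GET GPC-only: %s\n", a, b, c);
    free(a); free(b); free(c);
    return 0;
}
```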


