#42718 [Com]: FILTER_UNSAFE_RAW not applied when configured as default filter, even with flags

2009-02-27 Thread sultant08 at gmail dot com
 ID:   42718
 Comment by:   sultant08 at gmail dot com
 Reported By:  arnaud dot lb at gmail dot com
 Status:   Assigned
 Bug Type: Filter related
 Operating System: *
 PHP Version:  5CVS-2008-11-01
 Assigned To:  pajoye
 New Comment:

Please change the language to Arabic for this release.


Previous Comments:


[2009-01-09 18:37:04] tarmuli at hotmail dot com

Thanks! Bye-bye



[2008-12-06 19:20:34] paj...@php.net

Yes, revert was the best option for now.

I will dig into it on Monday and re-read the discussions about that
(there were some discussions about this whole thing when we added filter
to core).




[2008-12-06 19:17:09] lbarn...@php.net

> That's wrong

This is exactly what you said one year ago, just before it was
demonstrated that FILTER_UNSAFE_RAW actually does something (according
to documentation, code, and examples), and the bug has been assigned to
you.

That said, I'm not rejecting the fault on anyone, and the important thing
is to revert, which is done.




[2008-12-06 18:25:20] paj...@php.net

ooch.

I did not catch this in this bug before, but there is a major
misunderstanding in the first comment.

"The unsafe_raw filter does nothing by default, but it 
can "optionally strip or encode special characters", and it is the 
only filter which is able to do that without doing any other 
filtering."

That's wrong. UNSAFE_RAW, the key word here is RAW. It means that the
data is returned unfiltered, without flag, nothing, nada. If this
behavior has been changed then please revert it.

I did not check if it is present in 5.2.7 (it seems to be, as said in
this report or another), that may require a quick fix release (Ilia?).



[2008-12-06 17:52:37] lbarn...@php.net

All my apologies for this broken fix.

A quick workaround for 5.2.7 users is to add the following in the
php.ini:
filter.default_flags=0

Scott has reverted this and this bug is not present in CVS.



The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/42718
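
The comments above disagree on whether FILTER_UNSAFE_RAW does anything when flags are given. As an added example (not code from the bug report or from the PHP project), this script runs a constructed input through the filter with no flags and with each strip/encode flag documented for it, and prints the filter.default and filter.default_flags settings that the php.ini workaround touches. The helper names probe_unsafe_raw and show are made up here.

```php
<?php
// Added example (not from the bug report): probe FILTER_UNSAFE_RAW on the
// running PHP build and show the default-filter settings the thread refers to.

// Constructed sample: control byte 0x01, ampersand, quotes, high byte 0xE9.
$sample = "a\x01b & 'c' \"d\" \xE9";

// Flags documented for FILTER_UNSAFE_RAW; 0 means "no flags".
$cases = array(
    'no flags'                => 0,
    'FILTER_FLAG_STRIP_LOW'   => FILTER_FLAG_STRIP_LOW,
    'FILTER_FLAG_STRIP_HIGH'  => FILTER_FLAG_STRIP_HIGH,
    'FILTER_FLAG_ENCODE_LOW'  => FILTER_FLAG_ENCODE_LOW,
    'FILTER_FLAG_ENCODE_HIGH' => FILTER_FLAG_ENCODE_HIGH,
    'FILTER_FLAG_ENCODE_AMP'  => FILTER_FLAG_ENCODE_AMP,
);

// Run the input through FILTER_UNSAFE_RAW once per flag and record
// whether the filter altered it.
function probe_unsafe_raw($input, array $cases)
{
    $rows = array();
    foreach ($cases as $label => $flags) {
        $out = filter_var($input, FILTER_UNSAFE_RAW, $flags);
        $rows[$label] = array('output' => $out, 'changed' => $out !== $input);
    }
    return $rows;
}

// Make control and high bytes visible as octal escapes when printing.
function show($s)
{
    return addcslashes((string) $s, "\0..\37\177..\377");
}

printf("PHP %s\n", PHP_VERSION);
// ini_get() returns false when the setting does not exist on this build.
foreach (array('filter.default', 'filter.default_flags') as $key) {
    $value = ini_get($key);
    printf("%-22s = %s\n", $key, $value === false ? '(not available)' : var_export($value, true));
}

printf("\ninput: %s\n", show($sample));
foreach (probe_unsafe_raw($sample, $cases) as $label => $row) {
    printf("%-24s %-9s %s\n", $label, $row['changed'] ? 'changed' : 'unchanged', show($row['output']));
}
```

Run it under the same php.ini that the web SAPI loads, since the CLI may read a different file and report different default-filter settings.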




#42718 [Com]: FILTER_UNSAFE_RAW not applied when configured as default filter, even with flags

2009-01-09 Thread tarmuli at hotmail dot com
 ID:   42718
 Comment by:   tarmuli at hotmail dot com
 Reported By:  arnaud dot lb at gmail dot com
 Status:   Assigned
 Bug Type: Filter related
 Operating System: *
 PHP Version:  5CVS-2008-11-01
 Assigned To:  pajoye
 New Comment:

Thanks! Bye-bye


Previous Comments:


[2008-12-06 17:32:55] magical...@php.net

This is a proposed fix for this bug that will keep old behavior.

Another fix could be simply to test IF_G(default_filter_flags) against
FILTER_FLAG_NO_ENCODE_QUOTES instead of 0.

http://ookoo.org/svn/snip/php_5_2-broken_filter_and_magic_quotes.patch


