Hi, I saw Wietse's taint presentation at nyphp last night and I just wanted to express my support for the feature.
It seems to me OR-ing bits together between zval fields is relatively harmless. Clearly it will not catch everything as extensions can introduce clean zvals that are in fact tainted (or visa versa) but I foresee that this feature would amount to adding a very informative warning for developers. Just as you would get a warning for trying to call a function with the wrong parameters or divide by zero, the taint bits can be used to teach developers as to how to properly process their data. Mike PS: I am strongly against the idea of filters - the application should output what I tell it to output and nothing else. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
