Re: [PHP-DEV] Magic quotes in trunk

2010-11-20 Thread Daniel Convissor
Hi: On Fri, Nov 19, 2010 at 10:36:13PM -0800, Philip Olson wrote: > > PHP 5.3 > - Default (On) > - php.ini-development (Off) > - php.ini-production (Off) > - E_DEPRECATED error when On The deprecated message is only thrown if you set magic quotes to on in a php.ini file. If you're running wit

Re: [PHP-DEV] Magic quotes in trunk

2010-11-20 Thread Stanley Sufficool
On Fri, Nov 19, 2010 at 10:36 PM, Philip Olson wrote: > > On Nov 19, 2010, at 6:45 PM, Stanley Sufficool wrote: >> On Fri, Nov 19, 2010 at 8:14 AM, Daniel Convissor >> wrote: >>> On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote: you can get pwn3d with magic_quotes_gpc = On >>> >

Re: [PHP-DEV] Magic quotes in trunk

2010-11-19 Thread Philip Olson
On Nov 19, 2010, at 6:45 PM, Stanley Sufficool wrote: > On Fri, Nov 19, 2010 at 8:14 AM, Daniel Convissor > wrote: >> On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote: >>> you can get pwn3d with magic_quotes_gpc = On >> >> That goes without saying. None the less, it will be problem

Re: [PHP-DEV] Magic quotes in trunk

2010-11-19 Thread Stanley Sufficool
On Fri, Nov 19, 2010 at 8:14 AM, Daniel Convissor wrote: > On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote: >> you can get pwn3d with magic_quotes_gpc = On > > That goes without saying.  None the less, it will be problematic for PHP > to disable/remove a "security" feature that some

Re: [PHP-DEV] Magic quotes in trunk

2010-11-19 Thread Daniel Convissor
On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote: > you can get pwn3d with magic_quotes_gpc = On That goes without saying. None the less, it will be problematic for PHP to disable/remove a "security" feature that some people rely on. --Dan -- T H E A N A L Y S I S A N D S

Re: [PHP-DEV] Magic quotes in trunk

2010-11-19 Thread Ferenc Kovacs
On Fri, Nov 19, 2010 at 4:17 PM, Daniel Convissor < dani...@analysisandsolutions.com> wrote: > Hi Johannes: > > On Thu, Nov 18, 2010 at 05:25:49PM +0100, Johannes Schlüter wrote: > > > > > 2) Error out if using CGI or web SAPI and one of the following is true: > > >a) php.ini does not contain "

Re: [PHP-DEV] Magic quotes in trunk

2010-11-19 Thread Daniel Convissor
Hi Johannes: On Thu, Nov 18, 2010 at 05:25:49PM +0100, Johannes Schlüter wrote: > > > 2) Error out if using CGI or web SAPI and one of the following is true: > >a) php.ini does not contain "magic_quotes_gpc = Off" > >b) php.ini contains "magic_quotes_runtime = On" > >c) php.ini contains

Re: [PHP-DEV] Magic quotes in trunk

2010-11-19 Thread Ilia Alshanetsky
+1 for removing it. On Wed, Nov 17, 2010 at 11:08 AM, Kalle Sommer Nielsen wrote: > Greetings > > I wanted to raise this topic before we go Alpha with trunk, regarding > our beloved magic_quotes feature. There seems to be mixed opinions > regarding it so I thought I would take it up for discussio

RE: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Mike Robinson
On November-17-10 11:09 AM Kalle Sommer Nielsen wrote: > Greetings > > I wanted to raise this topic before we go Alpha with trunk, regarding > our beloved magic_quotes feature. There seems to be mixed opinions > regarding it so I thought I would take it up for discussion. > > We have advised pe

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Adam Richardson
+1 Disabling magic quotes (off by default) and removing them in the next major release. Adam -- Nephtali: PHP web framework that functions beautifully http://nephtaliproject.com

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Johannes Schlüter
On Thu, 2010-11-18 at 18:34 +0200, Arvids Godjuks wrote: > As I remember correctly - taints are designed to be used while developing. > > They can be used in production (and 4-5% performance hit for the > security isn't much until you run something really big), but mostly > people will test it ou

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Arvids Godjuks
As I remember correctly - taints are designed to be used while developing. They can be used in production (and 4-5% performance hit for the security isn't much until you run something really big), but mostly people will test it out on dev and deploy on production without taints. Still, I'd like t

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Rasmus Lerdorf
On 11/18/10 8:25 AM, Johannes Schlüter wrote: > Hi, > > On Thu, 2010-11-18 at 11:20 -0500, Daniel Convissor wrote: >> Disabling magic quotes by default leads to the same confusion and security >> issues as removing them completely. > > ACK > >> But, we can remove magic quotes >> completely i

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Johannes Schlüter
Hi, On Thu, 2010-11-18 at 11:20 -0500, Daniel Convissor wrote: > Disabling magic quotes by default leads to the same confusion and security > issues as removing them completely. ACK > But, we can remove magic quotes > completely if we add a fail safe mechanism. Here are two potential > opt

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Daniel Convissor
On Wed, Nov 17, 2010 at 11:40:37PM -0600, Larry Garfield wrote: > > I won't miss magic quotes if they're removed, but I can see the argument for > saying "not quite yet". Off-by-default is absolutely necessary if they're > kept. (Dear god, you mean they aren't off by default already?) When ope

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Ferenc Kovacs
On Thu, Nov 18, 2010 at 11:51 AM, Kalle Sommer Nielsen wrote: > 2010/11/18 Ferenc Kovacs : > > by your logic, the same goes for register_globals and for the other > > deprecated stuff, that we wanted to remove with the next major version. > > maybe we should look this the other way around: if we a

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Patrick ALLAERT
2010/11/18 Jani Taskinen : > On Nov 18, 2010, at 12:41 PM, Patrick ALLAERT wrote: >> Disabling it by default is the first mandatory step, [done] in PHP >> 5.3, magic_quotes_gpc has been turned off by default at the same time >> as providing a -development and -production version of the php.ini >> f

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Patrick ALLAERT
2010/11/18 Ferenc Kovacs : > by your logic, the same goes for register_globals and for the other > deprecated stuff, that we wanted to remove with the next major version. > maybe we should look this the other way around: if we agree that these things > have to go, and the only thing which blocks tha

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Kalle Sommer Nielsen
2010/11/18 Ferenc Kovacs : > by your logic, the same goes for register_globals and for the other > deprecated stuff, that we wanted to remove with the next major version. > maybe we should look this the other way around: if we agree that these things > have to go, and the only thing which blocks tha

RE: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread James Butler
ail.com] On Behalf Of Patrick ALLAERT Sent: 18 November 2010 10:41 To: Kalle Sommer Nielsen Cc: Internals Subject: Re: [PHP-DEV] Magic quotes in trunk 2010/11/17 Kalle Sommer Nielsen : > Greetings > > I wanted to raise this topic before we go Alpha with trunk, regarding > our belov

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Jani Taskinen
On Nov 18, 2010, at 12:41 PM, Patrick ALLAERT wrote: > Disabling it by default is the first mandatory step, [done] in PHP > 5.3, magic_quotes_gpc has been turned off by default at the same time > as providing a -development and -production version of the php.ini > file. AFAICT magic_quotes_gpc is

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Ferenc Kovacs
On Thu, Nov 18, 2010 at 11:41 AM, Patrick ALLAERT wrote: > 2010/11/17 Kalle Sommer Nielsen : > > Greetings > > > > I wanted to raise this topic before we go Alpha with trunk, regarding > > our beloved magic_quotes feature. There seems to be mixed opinions > > regarding it so I thought I would take

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Patrick ALLAERT
2010/11/17 Kalle Sommer Nielsen : > Greetings > > I wanted to raise this topic before we go Alpha with trunk, regarding > our beloved magic_quotes feature. There seems to be mixed opinions > regarding it so I thought I would take it up for discussion. > > We have advised people not to use magic_quo

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Kalle Sommer Nielsen
2010/11/18 Johannes Schlüter : > One way might be dropping the old mysql extension. Then "everybody" has > to learn something else and while learning about that /might/ be reached > with further education. As Jani noted, I think it's a step in the right direction to also move that out of the core s

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Jani Taskinen
On Nov 18, 2010, at 12:12 PM, Johannes Schlüter wrote: > Yes. We have to get rid of them! I was +1 for the old PHP 6 as that > breaks so much stuff that it is nowhere a drop in replacement. And as > such I'm happy to drop it in any release breaking lots of applications. > I'm not happy about droppi

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Kalle Sommer Nielsen
Hi 2010/11/18 Arvids Godjuks : > There always will be people, who will whine about magic_quotes being > gone. Same as register_globals. BTW, will the register_globals will be > finally dropped too? ;) I dropped a bunch of legacy features together with Pierrick during this summer, so yes register_

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Arvids Godjuks
+1 for removal. The issue is that those who still use the soft which relies on magic_quotes are usually kind of people which are just buying the Indian code stuff and running it (and it has tons of exploits on its own - even with magic_quotes). No, really, I haven't seen the magic_quotes stuff in

RE: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Johannes Schlüter
On Thu, 2010-11-18 at 10:05 +, James Butler wrote: > Are the £1 hosting companies going to be using 5.4+ any time soon? I'm > still coming across hosts who still transition 4.X -> 5.1/2. > I think these slow moving hosts are going to form a natural time delay > between any changes now and these

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Richard Quadling
On 17 November 2010 16:08, Kalle Sommer Nielsen wrote: > Greetings > > I wanted to raise this topic before we go Alpha with trunk, regarding > our beloved magic_quotes feature. There seems to be mixed opinions > regarding it so I thought I would take it up for discussion. > > We have advised peopl

RE: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread James Butler
Schlüter [mailto:johan...@schlueters.de] Sent: 18 November 2010 09:51 To: Adam Harvey Cc: Zeev Suraski; Larry Garfield; internals@lists.php.net Subject: Re: [PHP-DEV] Magic quotes in trunk On Thu, 2010-11-18 at 15:40 +0800, Adam Harvey wrote: > Yes, killing magic quotes will likely increase th

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Johannes Schlüter
On Thu, 2010-11-18 at 15:40 +0800, Adam Harvey wrote: > Yes, killing magic quotes will likely increase the support workload > for a time, I don't think it would increase support workload. Most people won't notice. What happens is that applications which are _a bit_ secure now will continue to run

Re: [PHP-DEV] Magic quotes in trunk

2010-11-18 Thread Kalle Sommer Nielsen
2010/11/18 Zeev Suraski : > The voice of reason... > As much as I'd like to see magic quotes burning in hell (had the option to > kill them when they were small, but unfortunately didn't), I'm wondering > whether the people +1'ing are thinking about the potential consequences to > doing this, an

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Adam Harvey
On 18 November 2010 15:22, Zeev Suraski wrote: > As much as I'd like to see magic quotes burning in hell (had the option to > kill them when they were small, but unfortunately didn't), I'm wondering > whether the people +1'ing are thinking about the potential consequences to > doing this, and i

RE: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Zeev Suraski
> -Original Message- > From: Larry Garfield [mailto:la...@garfieldtech.com] > Sent: Thursday, November 18, 2010 7:41 AM > To: internals@lists.php.net > Subject: Re: [PHP-DEV] Magic quotes in trunk > > On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Philip Olson
On Nov 17, 2010, at 9:40 PM, Larry Garfield wrote: > On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote: >>> What are your inputs on this matter? >> >> I'm struggling with this topic. We must do something, but it's important to >> understand that plenty of people unknowingly rely upo

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Larry Garfield
On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote: > > What are your inputs on this matter? > > I'm struggling with this topic. We must do something, but it's important to > understand that plenty of people unknowingly rely upon this security > feature that's still enabled by default.

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Philip Olson
> What are your inputs on this matter? I'm struggling with this topic. We must do something, but it's important to understand that plenty of people unknowingly rely upon this security feature that's still enabled by default. Granted 5.3 does generate E_DEPRECATED errors when magical quotes are

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Thomas Hruska
On 11/17/2010 8:46 PM, Adam Harvey wrote: On 18 November 2010 00:08, Kalle Sommer Nielsen wrote: What are your inputs on this matter? +1 for removing magic quotes completely from trunk. Kill it with fire. Adam +infinity. Burn baby burn. (Hudson Ford reference intended...unless that make

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Dallas Gutauckis
+1 for removal On Wed, Nov 17, 2010 at 10:50 PM, Stanley Sufficool wrote: > +1 for removal > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > >

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Stanley Sufficool
+1 for removal

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Adam Harvey
On 18 November 2010 00:08, Kalle Sommer Nielsen wrote: > What are your inputs on this matter? +1 for removing magic quotes completely from trunk. Kill it with fire. Adam

RE: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread James Butler
+1 for removal, magic quotes stopped being a 'good' thing to do back when I first learnt what echo did. Web hosts etc have plenty of version numbers to catch up on/upgrade to before they get to this being a problem. (well most anyway) -Original Message- From: ka...@php.net [mailto:kall

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Olivier Hill
My opinion is to remove them completely. Big +1 from me. It is time for the feature to go. Olivier (iPhone) On 2010-11-17 at 11:08, Kalle Sommer Nielsen wrote: Greetings My personal vote here goes towards removing them entirely. What are your inputs on this matter? -- regards, Kalle S

RE: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Uwe Schindler
Yeah, +1 for remove! - Uwe Schindler theta...@php.net - http://www.php.net NSAPI SAPI developer Bremen, Germany > -Original Message- > From: kalle@gmail.com [mailto:kalle@gmail.com] On Behalf Of Kalle > Sommer Nielsen > Sent: Wednesday, November 17, 2010 5:09 PM > To: Intern

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Pierrick Charron
+1 for removing it in trunk Pierrick On 17 November 2010 11:08, Kalle Sommer Nielsen wrote: > Greetings > > I wanted to raise this topic before we go Alpha with trunk, regarding > our beloved magic_quotes feature. There seems to be mixed opinions > regarding it so I thought I would take it up f

Re: [PHP-DEV] Magic quotes in trunk

2010-11-17 Thread Ferenc Kovacs
On Wed, Nov 17, 2010 at 5:08 PM, Kalle Sommer Nielsen wrote: > Greetings > > I wanted to raise this topic before we go Alpha with trunk, regarding > our beloved magic_quotes feature. There seems to be mixed opinions > regarding it so I thought I would take it up for discussion. > > We have advise