Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:106273
Return-Path: <markyr@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 73523 invoked from network); 24 Jul 2019 03:14:28 -0000
Received: from unknown (HELO localhost.localdomain) (76.75.200.58)
  by pb1.pair.com with SMTP; 24 Jul 2019 03:14:28 -0000
To: internals@lists.php.net
References: <CAFPFaMLpZ=okschrpeH77AhZTHcvFBuPf1S1bXH6psxmvABK7g@mail.gmail.com>
 <28a9ccf7-f5be-eb1e-999a-06170beeed4b@gmail.com>
 <CAF+90c_rm3UcGzV4FhLs_-VzFvnE0Uq0m1e_WO5B5uQ+J8+A5g@mail.gmail.com>
 <b6cb48e4-05f2-d55e-f1d5-95c7efc983e9@gmail.com>
Date: Wed, 24 Jul 2019 01:37:42 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <b6cb48e4-05f2-d55e-f1d5-95c7efc983e9@gmail.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
X-Posted-By: 5.69.56.51
Subject: Re: [PHP-DEV] [RFC] [DISCUSSION] Deprecate PHP's short open tags V2
From: markyr@gmail.com (Mark Randall)
Message-ID: <php.internals-106273@news.php.net>

On 23/07/2019 21:58, Stanislav Malyshev wrote:
> I think nicer would be to explain why we need second RFC and what it
> adds to the previous one. If I didn't get some context, please explain.

The previous one, as written, carried a high probability of silently 
leaking both code and data, but these arguments against it only gained 
prominence after the RFC had already passed.

V2 remedies that by maintaining default INI behaviour, as well as 
nullifying the possibility of code / data leaks by throwing a compiler 
exception if <? is encountered (and enabled), thus denying the VM an 
opportunity to execute a file which contains potentially leaky code.

If short tags are to be removed, V2 is a significantly more reasonable 
way of going about it.

--
Mark Randall