Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:14536 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 31903 invoked by uid 1010); 2 Feb 2005 21:31:08 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 31870 invoked from network); 2 Feb 2005 21:31:08 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 2 Feb 2005 21:31:08 -0000 X-Host-Fingerprint: 212.204.192.51 jdi.jdimedia.nl Linux 2.5 (sometimes 2.4) (4) Received: from ([212.204.192.51:42012] helo=jdi.jdimedia.nl) by pb1.pair.com (ecelerity HEAD (r4105:4106)) with SMTP id 77/0E-25397-B9641024 for ; Wed, 02 Feb 2005 16:31:07 -0500 Received: from localhost (localhost [127.0.0.1]) by jdi.jdimedia.nl (8.12.11/8.12.11) with ESMTP id j12LV4pm013875 for ; Wed, 2 Feb 2005 22:31:04 +0100 Received: from jdi.jdimedia.nl ([127.0.0.1]) by localhost (jdi.jdimedia.nl [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 10165-08-3 for ; Wed, 2 Feb 2005 22:31:04 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by jdi.jdimedia.nl (8.12.11/8.12.11) with ESMTP id j12LUgW4013743; Wed, 2 Feb 2005 22:30:42 +0100 Date: Wed, 2 Feb 2005 22:30:39 +0100 (CET) X-X-Sender: derick@localhost To: Rasmus Lerdorf cc: Ilia Alshanetsky , internals@lists.php.net In-Reply-To: <42010045.20807@lerdorf.com> Message-ID: References: <5.1.0.14.2.20050201142816.026d21c0@localhost> <5.1.0.14.2.20050201111730.0299da70@localhost> <5.1.0.14.2.20050201111730.0299da70@localhost> <5.1.0.14.2.20050201142816.026d21c0@localhost> <5.1.0.14.2.20050201151955.02730ec0@localhost> <4200169A.6050905@lerdorf.com> <42001C1D.3090105@cschneid.com> <42001D7B.1040707@trickie.org> <420024EC.4080601@lerdorf.com> <4200457F.5080305@prohost.org> <42005629.3000905@lerdorf.com> <4200D48A.9070305@prohost.org> <42010045.20807@lerdorf.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by amavisd-new at jdimedia.nl Subject: Re: [PHP-DEV] PHP 5.1 From: derick@php.net (Derick Rethans) On Wed, 2 Feb 2005, Rasmus Lerdorf wrote: > Ilia Alshanetsky wrote: > >> Looking at my code here, it would actually be trivial to expose the > >> raw data as superglobals, but what do we achieve then? We are simply > >> renaming $_GET to $_GET_RAW or something like that? If you don't want > >> any filtering to be done by default, simply don't turn it on. > > > > > > In many cases it may not be possible to turn off automatic input filter, > > because of limited access. > > I realize that. But the filter was likely turned on for a reason in > such cases with the goal that all applications running on the server > that need non-standard access to user data will have to be modified to > explicitly access that data through an appropriate filter. Well, people turn on safe mode just because the name implies that things are safe too - which is wrong. I agree with Ilia, we should not mangle request data by default. It's fine to provide filter functions but the normal post/get/cookie data should be normally available through GET and POST - this is starting to look like another magic_quotes. A bad thing! regards, Derick -- Derick Rethans http://derickrethans.nl | http://ez.no | http://xdebug.org