Newsgroups: php.internals
From: helly@php.net (Marcus Boerger)
Date: Wed, 2 Feb 2005 22:38:53 +0100
To: Derick Rethans
CC: Rasmus Lerdorf, Ilia Alshanetsky, internals@lists.php.net
Subject: Re: [PHP-DEV] PHP 5.1

Hello Derick,

Wednesday, February 2, 2005, 10:30:39 PM, you wrote:

> On Wed, 2 Feb 2005, Rasmus Lerdorf wrote:

>> Ilia Alshanetsky wrote:
>> >> Looking at my code here, it would actually be trivial to expose the
>> >> raw data as superglobals, but what do we achieve then? We are simply
>> >> renaming $_GET to $_GET_RAW or something like that? If you don't want
>> >> any filtering to be done by default, simply don't turn it on.
>> >
>> >
>> > In many cases it may not be possible to turn off automatic input filter,
>> > because of limited access.
>>
>> I realize that. But the filter was likely turned on for a reason in
>> such cases with the goal that all applications running on the server
>> that need non-standard access to user data will have to be modified to
>> explicitly access that data through an appropriate filter.

> Well, people turn on safe mode just because the name implies that things
> are safe too - which is wrong. I agree with Ilia, we should not mangle
> request data by default. It's fine to provide filter functions but the
> normal post/get/cookie data should be normally available through GET and
> POST - this is starting to look like another magic_quotes. A bad thing!

Besides that turning on by default could turn out to become a major BC.

regards
marcus