Newsgroups: php.internals
Date: Wed, 02 Feb 2005 13:44:04 -0800
From: rasmus@lerdorf.com (Rasmus Lerdorf)
To: Derick Rethans
CC: Ilia Alshanetsky, internals@lists.php.net
Subject: Re: [PHP-DEV] PHP 5.1

Derick Rethans wrote:
> Well, people turn on safe mode just because the name implies that things
> are safe too - which is wrong. I agree with Ilia, we should not mangle
> request data by default. It's fine to provide filter functions but the
> normal post/get/cookie data should be normally available through GET and
> POST - this is starting to look like another magic_quotes. A bad thing!

Well, this is already in 5.0 via the input filtering hook. This is simply a public implementation of that hook. As far as I am concerned the only correct place to put a macro filter is before the data even gets to PHP and various corporate-wide security policies mandate this, or will mandate something like this in the near future. I'd like to be ahead of the curve and not behind it.

You guys can write your own implementation and put it in PECL alongside the one I am putting in there and we can decide if any of them should be bundled by default. Perhaps none of them should, but like it or not, people want to filter at this level and the extension to satisfy this need will be available to them in PECL.

-Rasmus