Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:14551 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 83168 invoked by uid 1010); 3 Feb 2005 01:38:32 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 83140 invoked from network); 3 Feb 2005 01:38:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 3 Feb 2005 01:38:31 -0000 X-Host-Fingerprint: 195.82.120.217 stack.fission.org.uk Linux 2.4/2.6 Received: from ([195.82.120.217:38446] helo=stack.fission.org.uk) by pb1.pair.com (ecelerity HEAD (r4105:4106)) with SMTP id C0/01-30841-69081024 for ; Wed, 02 Feb 2005 20:38:31 -0500 Received: from cpc1-oxfd5-6-0-cust152.oxfd.cable.ntl.com ([81.105.118.152] helo=[192.168.0.20]) by stack.fission.org.uk with esmtp (Exim 3.36 #1 (Debian)) id 1CwVvr-0008Hz-00; Thu, 03 Feb 2005 01:37:19 +0000 Message-ID: <42018065.8010403@fission.org.uk> Date: Thu, 03 Feb 2005 01:37:41 +0000 User-Agent: Mozilla Thunderbird 0.9 (X11/20041125) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Rasmus Lerdorf CC: Ilia Alshanetsky , internals@lists.php.net References: <5.1.0.14.2.20050201142816.026d21c0@localhost> <5.1.0.14.2.20050201111730.0299da70@localhost> <5.1.0.14.2.20050201111730.0299da70@localhost> <5.1.0.14.2.20050201142816.026d21c0@localhost> <5.1.0.14.2.20050201151955.02730ec0@localhost> <4200169A.6050905@lerdorf.com> <42001C1D.3090105@cschneid.com> <42001D7B.1040707@trickie.org> <420024EC.4080601@lerdorf.com> <4200457F.5080305@prohost.org> <42005629.3000905@lerdorf.com> <4200D48A.9070305@prohost.org> <42010045.20807@lerdorf.com> In-Reply-To: <42010045.20807@lerdorf.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] PHP 5.1 From: gareth@fission.org.uk (Gareth Ardron) Rasmus Lerdorf wrote: > Ilia Alshanetsky wrote: > >>> Looking at my code here, it would actually be trivial to expose the >>> raw data as superglobals, but what do we achieve then? We are >>> simply renaming $_GET to $_GET_RAW or something like that? If you >>> don't want any filtering to be done by default, simply don't turn it >>> on. >> >> >> >> In many cases it may not be possible to turn off automatic input >> filter, because of limited access. > > > I realize that. But the filter was likely turned on for a reason in > such cases with the goal that all applications running on the server > that need non-standard access to user data will have to be modified to > explicitly access that data through an appropriate filter. True, but you've still got a lot of boxes that are used both for dev and production work. Take a small web design company, for example. Now in such a position, the admin may want to access raw variables in dev.site.com but have things restricted in www.site.com, if you see what I mean. Maybe an ini option which is a bool that allows users to access raw get/post/whatever data or doesn't ?