Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:17892
Return-Path: <derick@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 57067 invoked by uid 1010); 12 Aug 2005 18:19:15 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 57052 invoked from network); 12 Aug 2005 18:19:15 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 12 Aug 2005 18:19:15 -0000
X-Host-Fingerprint: 82.94.239.5 jdi.jdi-ict.nl Linux 2.5 (sometimes 2.4) (4)
Received: from ([82.94.239.5:32929] helo=jdi.jdi-ict.nl)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id 86/09-33075-028ECF24 for <internals@lists.php.net>; Fri, 12 Aug 2005 14:19:13 -0400
Received: from localhost (localhost [127.0.0.1])
	by jdi.jdi-ict.nl (8.12.11/8.12.11) with ESMTP id j7CIJ7nl004133;
	Fri, 12 Aug 2005 20:19:07 +0200
Received: from localhost (localhost [127.0.0.1])
	by jdi.jdi-ict.nl (8.12.11/8.12.11) with ESMTP id j7CIJ4YC004123;
	Fri, 12 Aug 2005 20:19:05 +0200
Date: Fri, 12 Aug 2005 20:19:04 +0200 (CEST)
X-X-Sender: derick@localhost
To: George Schlossnagle <george@omniti.com>
cc: Rasmus Lerdorf <rasmus@lerdorf.com>, internals <internals@lists.php.net>
In-Reply-To: <416F97E8-FE59-4297-B983-64E643939E3B@omniti.com>
Message-ID: <Pine.LNX.4.62.0508122018300.2742@localhost>
References: <42FCE0E4.604@lerdorf.com> <416F97E8-FE59-4297-B983-64E643939E3B@omniti.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by amavisd-new at jdi-ict.nl
Subject: Re: [PHP-DEV] PHP 6.0 Wishlist
From: derick@php.net (Derick Rethans)

On Fri, 12 Aug 2005, George Schlossnagle wrote:

> > 3. Add input filter extension which will include a mechanism for
> >    application developers to very easily turn it off which would swap
> >    the raw GPC arrays back in case the site had it turned on by 
> >    default.
> 
> That seems a bit scary, and almost  as if it would defeat the purpose.  I'm
> all for an input filter extension, but it should be one that can't be easily
> neutered by (potentially malicious) applications.

I wrote up the following spec for this extension:
http://files.derickrethans.nl/filter_extension.html

Derick