Newsgroups: php.internals
Message-ID: <42FE4EE4.2000307@caedmon.net>
Date: Sat, 13 Aug 2005 15:49:56 -0400
From: sean@caedmon.net (Sean Coates)
To: Derick Rethans
CC: George Schlossnagle, Rasmus Lerdorf, internals
References: <42FCE0E4.604@lerdorf.com> <416F97E8-FE59-4297-B983-64E643939E3B@omniti.com>
Subject: Re: [PHP-DEV] PHP 6.0 Wishlist

> But then everybody will just start using $_RAW_GET instead of $_GET.
> What will that solve?

This was one of my concerns. $_RAW_* is easy to grep for, though. Sure, it can still be abused, but it'll be a lot easier to see WHERE it's being abused. Currently, a grep for $_GET will return a large number of false positives when searching for XSS (because it's the most legit way of finding data entry points).

S