Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:22186
Return-Path: <sesser@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 95280 invoked by uid 1010); 7 Mar 2006 10:47:03 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 95265 invoked from network); 7 Mar 2006 10:47:03 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Mar 2006 10:47:03 -0000
X-Host-Fingerprint: 81.169.145.166 natnoddy.rzone.de Solaris 8 (1)
Received: from ([81.169.145.166:52526] helo=natnoddy.rzone.de)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id 61/94-22029-6A46D044 for <internals@lists.php.net>; Tue, 07 Mar 2006 05:47:03 -0500
Received: from [192.168.1.77] (p50874C29.dip.t-dialin.net [80.135.76.41])
	by post.webmailer.de (8.13.1/8.13.1) with ESMTP id k27AkurV028851;
	Tue, 7 Mar 2006 11:46:57 +0100 (MET)
Message-ID: <440D649D.4080005@php.net>
Date: Tue, 07 Mar 2006 11:46:53 +0100
User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: pierre.php@gmail.com
CC: internals@lists.php.net, Derick Rethans <derick@php.net>
References: <20060305162128.5b1fdb86@localhost.localdomain>	<20060306214619.5e6ec076@localhost.localdomain>	<006301c641a5$17625f50$6600a8c0@binarysecfb111>	<440D3C70.5040003@hardened-php.net>	<440D3D7F.5080505@lerdorf.com>	<440D3E24.2040101@hardened-php.net>	<Pine.LNX.4.62.0603070909070.10670@localhost> <20060307112759.7ed7e9ec@localhost.localdomain>
In-Reply-To: <20060307112759.7ed7e9ec@localhost.localdomain>
X-Enigmail-Version: 0.93.0.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: Adieu register_globals
From: sesser@php.net (Stefan Esser)


>What is the point of detecting something that does not exist anymore?
>
>It is not a problem to add these checks and errors, only senseless.
>
>What is the reason to do it? PHP6 will require most applications to be
>ported, this problem will be their smallest problem and can be easily
>emulated in userland:
>  
>
Forgive me if I am wrong, but MOST PHP applications are not using OOP.
And I don't see why these applications have to be ported at all. But
once you remove the possibility to detect that these features are turned
off the applications can become insecure.

And instead of removing the function set_magic_quotes_runtime() it
should better give a clear FATAL ERROR imho. Otherwise we will have
myriads of bugreports: set_magic_quotes_runtime() or (whatever function
removed) doesn't exist in my PHP anymore. Giving the warning that the
script uses a feature that no longer exists and pointing to a document
describing why will save us a lot of work and trouble.

Stefan