Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:26171 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 88892 invoked by uid 1010); 23 Oct 2006 08:49:04 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 88876 invoked from network); 23 Oct 2006 08:49:04 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 23 Oct 2006 08:49:04 -0000 Authentication-Results: pb1.pair.com smtp.mail=sesser@hardened-php.net; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=sesser@hardened-php.net; sender-id=unknown Received-SPF: error (pb1.pair.com: domain hardened-php.net from 81.169.146.148 cause and error) X-PHP-List-Original-Sender: sesser@hardened-php.net X-Host-Fingerprint: 81.169.146.148 mi-ob.rzone.de Solaris 10 (beta) Received: from [81.169.146.148] ([81.169.146.148:53402] helo=natklopstock.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DD/F6-41582-DF18C354 for ; Mon, 23 Oct 2006 04:49:02 -0400 Received: from [192.168.1.77] (p5087560C.dip.t-dialin.net [80.135.86.12]) by post.webmailer.de (8.13.7/8.13.6) with ESMTP id k9N8mvE9011845 for ; Mon, 23 Oct 2006 10:48:58 +0200 (MEST) Message-ID: <453C81F8.7080606@hardened-php.net> Date: Mon, 23 Oct 2006 10:48:56 +0200 User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) MIME-Version: 1.0 To: PHP internals X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Subject: PHP 5.2.0 release with "broken" input filters From: sesser@hardened-php.net (Stefan Esser) Hi, I just wanted to remind you that PHP 5.2.0 will be released with broken and inconsistent input filtering. Right now _SERVER is only passed through the input filter for apache 1 SAPI. All other SAPIs do not pass _SERVER variables through the filter. This will be a major headache for people using ext/filter etc... Stefan