Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:37843
Return-Path: <greg@chiaraquartet.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 24133 invoked from network); 24 May 2008 00:39:52 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 24 May 2008 00:39:52 -0000
Authentication-Results: pb1.pair.com header.from=greg@chiaraquartet.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=greg@chiaraquartet.net; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain chiaraquartet.net from 38.99.98.18 cause and error)
X-PHP-List-Original-Sender: greg@chiaraquartet.net
X-Host-Fingerprint: 38.99.98.18 beast.bluga.net Linux 2.6
Received: from [38.99.98.18] ([38.99.98.18:34598] helo=mail.bluga.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 33/21-14404-6D367384 for <internals@lists.php.net>; Fri, 23 May 2008 20:39:50 -0400
Received: from mail.bluga.net (localhost.localdomain [127.0.0.1])
	by mail.bluga.net (Postfix) with ESMTP id 1EE91C11905;
	Fri, 23 May 2008 17:39:52 -0700 (MST)
Received: from [192.168.0.106] (CPE-76-84-4-101.neb.res.rr.com [76.84.4.101])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.bluga.net (Postfix) with ESMTP id D2484C11904;
	Fri, 23 May 2008 17:39:50 -0700 (MST)
Message-ID: <483763D0.6000708@chiaraquartet.net>
Date: Fri, 23 May 2008 19:39:44 -0500
User-Agent: Thunderbird 2.0.0.14 (X11/20080502)
MIME-Version: 1.0
To: Rasmus Lerdorf <rasmus@lerdorf.com>
CC: Lars Strojny <lars@strojny.net>, Philip Olson <philip@roshambo.org>, 
 internals Mailing List <internals@lists.php.net>
References: <5B2E59A9-BC46-447F-BEBC-C4149866A802@roshambo.org> <1211494158.7416.5.camel@localhost> <48360328.3040500@lerdorf.com>
In-Reply-To: <48360328.3040500@lerdorf.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: Re: [PHP-DEV] magic quotes finale
From: greg@chiaraquartet.net (Gregory Beaver)

Rasmus Lerdorf wrote:
> I see absolutely no reason to force people to go through and change:
> 
> if(!get_magic_quotes_gpc())
> 
> to:
> 
> if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc())
> 
> when there is no technical reason to force them to do so.  It is slower,
> more verbose and completely useless.

I whole-heartedly agree.

To the others: please examine this from a practical instead of a
philosophical position.

What is the problem that needs solving?

 * magic_quotes_gpc escapes input, which is bad.

How to fix it?

 * disable magic_quotes_gpc = on, disable set_magic_quotes_gpc(1)

Implicit in this statement is that the problem is *not*:

 * Users use get_magic_quotes_gpc() check whether this faulty ini is
enabled, and set_magic_quotes_gpc(off) only if it is enabled.

If we take the step of removing the get_magic_quotes_gpc() function, or
of adding an E_DEPRECATED, we make upgrading to PHP 5.3 harder, for no
benefit.

As a side note, the silent majority (developers who do not post to this
list) were represented at php|tek, and the few I spoke to about the way
magic_quotes is being handled unequivocally agreed with my assessment
for the exact same reasons.

I strongly encourage everyone to do a realistic tradeoff analysis and
come to understand why Rasmus's solution is the only possible solution
to this problem that both solves the *actual* problem and has real
benefit to existing well-written applications.

Thanks,
Greg