Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:42128
Return-Path: <scott@macvicar.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 42502 invoked from network); 6 Dec 2008 20:35:55 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 6 Dec 2008 20:35:55 -0000
Authentication-Results: pb1.pair.com header.from=scott@macvicar.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=scott@macvicar.net; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain macvicar.net from 193.227.246.108 cause and error)
X-PHP-List-Original-Sender: scott@macvicar.net
X-Host-Fingerprint: 193.227.246.108 ip246-108-v193.static.x-ip.net  
Received: from [193.227.246.108] ([193.227.246.108:58544] helo=lovelace.midden.org.uk)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 54/26-27690-A22EA394 for <internals@lists.php.net>; Sat, 06 Dec 2008 15:35:55 -0500
Received: from macvicar.demon.co.uk ([80.177.111.173] helo=[192.168.1.100])
	by lovelace.midden.org.uk with esmtpsa (TLS-1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.69)
	(envelope-from <scott@macvicar.net>)
	id 1L93sS-0001nZ-Ex; Sat, 06 Dec 2008 20:35:50 +0000
Message-ID: <40E11268-D705-4F32-96E0-4C0AEA27AAC9@macvicar.net>
To: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Sat, 6 Dec 2008 20:35:42 +0000
Cc: Ilia Alshanetsky <ilia@prohost.org>
X-Mailer: Apple Mail (2.929.2)
X-Spam-Score: -4.1
X-Spam_Report: Spam detection software, running on the system "lovelace.midden.org.uk", has
	identified this incoming email as possible spam.  The original message
	has been attached to this so you can view it (if it isn't spam) or label
	similar future email.  If you have any questions, see
	the administrator of that system for details.
	Content preview:  Hey, There have been several bug reports about magic_quotes_gpc
	being broken, at the moment in 5.2.7 the escaping is not performed even when
	enabled. So any applications that attempt to undo the work of magic_quotes_gpc
	will end up with problems. [...] 
	Content analysis details:   (-4.1 points, 5.0 required)
	pts rule name              description
	---- ---------------------- --------------------------------------------------
	-1.8 ALL_TRUSTED            Passed through trusted hosts only via SMTP
	-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
	[score: 0.0000]
	0.3 AWL                    AWL: From: address is in the auto white-list
Subject: PHP 5.2.7 + magic_quotes_gpc broken
From: scott@macvicar.net (Scott MacVicar)

Hey,

There have been several bug reports about magic_quotes_gpc being  
broken, at the moment in 5.2.7 the escaping is not performed even when  
enabled. So any applications that attempt to undo the work of  
magic_quotes_gpc will end up with problems.

I've backed out the bug that broke this #42718

Since this is a relative serious issue from a security stand point if  
people rely on it being enabled and a potential data loss for those  
trying to undo it, I'd like to see a release packaged asap.

If Ilia agrees then could fixes to the 5.2 branch be restricted to  
build fixes only.

Scott