Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:42135
Return-Path: <helly@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 95576 invoked from network); 7 Dec 2008 13:50:45 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Dec 2008 13:50:45 -0000
Authentication-Results: pb1.pair.com header.from=helly@php.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=helly@php.net; spf=unknown; sender-id=unknown
Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 85.214.94.56 as permitted sender)
X-PHP-List-Original-Sender: helly@php.net
X-Host-Fingerprint: 85.214.94.56 aixcept.net Linux 2.6
Received: from [85.214.94.56] ([85.214.94.56:43943] helo=h1149922.serverkompetenz.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 19/12-18883-3B4DB394 for <internals@lists.php.net>; Sun, 07 Dec 2008 08:50:44 -0500
Received: from MBOERGER-ZRH.corp.google.com (65-158.107-92.cust.bluewin.ch [92.107.158.65])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by h1149922.serverkompetenz.net (Postfix) with ESMTP id DC88A11EFFE;
	Sun,  7 Dec 2008 14:50:39 +0100 (CET)
Date: Sun, 7 Dec 2008 14:47:49 +0100
Reply-To: Marcus Boerger <helly@php.net>
X-Priority: 3 (Normal)
Message-ID: <512610500.20081207144749@marcus-boerger.de>
To: Ilia Alshanetsky <ilia@prohost.org>
CC: PHP Internals <internals@lists.php.net>, 
	Scott MacVicar <scott@macvicar.net>
In-Reply-To: <40E11268-D705-4F32-96E0-4C0AEA27AAC9@macvicar.net>
References: <40E11268-D705-4F32-96E0-4C0AEA27AAC9@macvicar.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] PHP 5.2.7 + magic_quotes_gpc broken
From: helly@php.net (Marcus Boerger)

Hello Ilia,

  Ilia, this is ultimately your call but I suggest we drop 5.2.7, explain
that people shouldn't use it on php.net news and then provide 5.2.8.

marcus

Saturday, December 6, 2008, 9:35:42 PM, you wrote:

> Hey,

> There have been several bug reports about magic_quotes_gpc being  
> broken, at the moment in 5.2.7 the escaping is not performed even when  
> enabled. So any applications that attempt to undo the work of  
> magic_quotes_gpc will end up with problems.

> I've backed out the bug that broke this #42718

> Since this is a relative serious issue from a security stand point if  
> people rely on it being enabled and a potential data loss for those  
> trying to undo it, I'd like to see a release packaged asap.

> If Ilia agrees then could fixes to the 5.2 branch be restricted to  
> build fixes only.

> Scott




Best regards,
 Marcus