Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:42150 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 8294 invoked from network); 8 Dec 2008 15:47:46 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 8 Dec 2008 15:47:46 -0000 Authentication-Results: pb1.pair.com header.from=Johannes.Schlueter@Sun.COM; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=johannes@php.net; spf=unknown; sender-id=unknown Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 192.18.6.24 as permitted sender) X-PHP-List-Original-Sender: johannes@php.net X-Host-Fingerprint: 192.18.6.24 gmp-eb-inf-2.sun.com Solaris 10 (beta) Received: from [192.18.6.24] ([192.18.6.24:52109] helo=gmp-eb-inf-2.sun.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 38/04-21579-0A14D394 for ; Mon, 08 Dec 2008 10:47:45 -0500 Received: from fe-emea-09.sun.com (gmp-eb-lb-2-fe3.eu.sun.com [192.18.6.12]) by gmp-eb-inf-2.sun.com (8.13.7+Sun/8.12.9) with ESMTP id mB8Flfs8019642 for ; Mon, 8 Dec 2008 15:47:42 GMT Received: from conversion-daemon.fe-emea-09.sun.com by fe-emea-09.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) id <0KBK00K01EGBBH00@fe-emea-09.sun.com> (original mail from johannes@php.net) for internals@lists.php.net; Mon, 08 Dec 2008 15:47:41 +0000 (GMT) Received: from [192.168.1.103] ([93.104.44.232]) by fe-emea-09.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTPSA id <0KBK00HXOEJ8H0E0@fe-emea-09.sun.com>; Mon, 08 Dec 2008 15:47:40 +0000 (GMT) Date: Mon, 08 Dec 2008 16:47:31 +0100 Sender: Johannes.Schlueter@Sun.COM To: PHP Internals List Cc: Hannes Magnusson Message-ID: <1228751251.3429.18.camel@goldfinger.johannes.nop> MIME-version: 1.0 X-Mailer: Evolution 2.22.3.1 (2.22.3.1-1.fc9) Content-type: text/plain Content-transfer-encoding: 7BIT Subject: About dropping magic_quotes in 5.3 (was: Re: [PHP-DEV] Re: PHP 5.2.7 + magic_quotes_gpc broken) From: johannes@php.net (Johannes =?ISO-8859-1?Q?Schl=FCter?=) Hi, let's take this to a new thread so it'S not hidden in other discussions: On Mon, 2008-12-08 at 16:06 +0100, Hannes Magnusson wrote: > > I do not think it is necessary for 5.3. It is an alpha release after > > all and seriously, anyone who plans to move to 5.3.0 and still > > relies on magic quotes gpc is likely to have more issues as well. > > Time to turn it off by default then? Getting rid of magic_quotes would be really nice but has a very big "BUT". Many things (I won't call it "applications" or something...) out there are accidentially more or less safe due to magic_quotes. Many of these things were written by people with, at most, basic understanding of the what they are doing and now are running at some random hosting company on a $9.99/year (no idea what today's prices are) When dropping magic_quotes the hosting company can do one of two things: a) not update to 5.3 so we either have to maintain 5.2 for some time or let them have problems b) update to 5.3. Doing that means they break many of there customer's code. Now they could add a default filter to add quotes again, what's the win? Except that it will break magic_quotes-compatible code and makes it harder to detect? People won't fix the code - the code was "developed" by some web design company 5 years ago and nobody touches the site anymore and there's no maintenance contract between the design company and the site owner anymore... The only way I see for getting rid of magic_quotes is with a version which will require people to touch the code anyways and with a big "marketing campaign" so I think PHP 6 is a way better time for that even so I'm really annoyed by it when doing stuff myself... Comments and other views are welcome, johannes