Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:42166
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: error (pb1.pair.com: domain macvicar.net from 193.227.246.108 cause and error)
References: <1228751251.3429.18.camel@goldfinger.johannes.nop> <fe05d1540812080757r417038d0ib768cbd8990be228@mail.gmail.com> <7f3ed2c30812080818x6a29709bgcfc894b2a225b9b6@mail.gmail.com> <6764B52F-3708-4EAD-98C0-57CDF09C3FA4@roshambo.org>
Message-ID: <EA743DBE-6D29-45F8-AEE2-D8E8ECDCCC18@macvicar.net>
To: Philip Olson <philip@roshambo.org>
In-Reply-To: <6764B52F-3708-4EAD-98C0-57CDF09C3FA4@roshambo.org>
Content-Type: text/plain;
	charset=utf-8;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (iPhone Mail 5G77)
Date: Mon, 8 Dec 2008 16:53:20 +0000
Cc: Hannes Magnusson <bjori@php.net>,
 Pierre Joye <pierre.php@gmail.com>,
 =?utf-8?Q?Johannes_Schl=C3=BCter?= <johannes@php.net>,
 PHP Internals List <internals@lists.php.net>
X-Spam_Report: Spam detection software, running on the system "lovelace.midden.org.uk", has
	identified this incoming email as possible spam.  The original message
	has been attached to this so you can view it (if it isn't spam) or label
	similar future email.  If you have any questions, see
	the administrator of that system for details.
	Content preview:  On 8 Dec 2008, at 16:35, Philip Olson <philip@roshambo.org>
	wrote: > > On 8 Dec 2008, at 08:18, Hannes Magnusson wrote: > >> On Mon,
	Dec 8, 2008 at 16:57, Pierre Joye <pierre.php@gmail.com> >> wrote: >>> On
	Mon, Dec 8, 2008 at 4:47 PM, Johannes Schlüter <johannes@php. >>> net> wrote:
	>>>> >>>> When dropping magic_quotes the hosting company can do one of two
	>>>> things: >>>> >>>> a) not update to 5.3 so we either have to maintain
	5.2 for some >>>> time or >>>> let them have problems >>> >>> +1 >> >> We
	cannot simply nuke a feature that was once upon a time sold as a >> security
	feature, and is still enabled by default, just "out of the >> blue". > >
	Agreed, going from on by default to removed just feels odd. [...] 
	Content analysis details:   (-4.3 points, 5.0 required)
	pts rule name              description
	---- ---------------------- --------------------------------------------------
	-1.8 ALL_TRUSTED            Passed through trusted hosts only via SMTP
	-2.6 BAYES_00               BODY: Bayesian spam probability is 0 to 1%
	[score: 0.0000]
	0.1 AWL                    AWL: From: address is in the auto white-list
Subject: Re: [PHP-DEV] About dropping magic_quotes in 5.3 (was: Re: [PHP-DEV] Re: PHP 5.2.7 + magic_quotes_gpc broken)
From: scott@macvicar.net (Scott MacVicar)

On 8 Dec 2008, at 16:35, Philip Olson <philip@roshambo.org> wrote:

>
> On 8 Dec 2008, at 08:18, Hannes Magnusson wrote:
>
>> On Mon, Dec 8, 2008 at 16:57, Pierre Joye <pierre.php@gmail.com> =20
>> wrote:
>>> On Mon, Dec 8, 2008 at 4:47 PM, Johannes Schl=C3=BCter =
<johannes@php.=20
>>> net> wrote:
>>>>
>>>> When dropping magic_quotes the hosting company can do one of two =20=

>>>> things:
>>>>
>>>> a) not update to 5.3 so we either have to maintain 5.2 for some =20
>>>> time or
>>>> let them have problems
>>>
>>> +1
>>
>> We cannot simply nuke a feature that was once upon a time sold as a
>> security feature, and is still enabled by default, just "out of the
>> blue".
>
> Agreed, going from on by default to removed just feels odd.

I'd disable it by default in 5.3 and lets start throwing a strict =20
error if the configuration enables it.

Scott=