Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:47989
Return-Path: <johannes@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 83472 invoked from network); 15 Apr 2010 22:51:35 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Apr 2010 22:51:35 -0000
Authentication-Results: pb1.pair.com header.from=johannes@php.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=johannes@php.net; spf=unknown; sender-id=unknown
Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 83.243.58.134 as permitted sender)
X-PHP-List-Original-Sender: johannes@php.net
X-Host-Fingerprint: 83.243.58.134 mailout2.netbeat.de Linux 2.6
Received: from [83.243.58.134] ([83.243.58.134:54346] helo=mailout2.netbeat.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id EE/36-44925-57897CB4 for <internals@lists.php.net>; Thu, 15 Apr 2010 18:51:35 -0400
Received: (qmail 26333 invoked by uid 89); 15 Apr 2010 22:48:59 -0000
Received: from unknown (HELO ?192.168.1.31?) (postmaster%schlueters.de@93.104.105.207)
  by mailout2.netbeat.de with ESMTPA; 15 Apr 2010 22:48:59 -0000
X-Originator: 9e51b244e0a38413ab6a9876e36ba9df
To: Kalle Sommer Nielsen <kalle@php.net>
Cc: Internals <internals@lists.php.net>, Philip Olson <philip@roshambo.org>
In-Reply-To: <n2k2dedb8a1004081548g4381879ahb76cf5ab9b855a9d@mail.gmail.com>
References: <n2k2dedb8a1004081548g4381879ahb76cf5ab9b855a9d@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Organization: php.net
Date: Fri, 16 Apr 2010 00:51:23 +0200
Message-ID: <1271371883.4615.55.camel@guybrush>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] Removal of deprecated features
From: johannes@php.net (Johannes =?ISO-8859-1?Q?Schl=FCter?=)

Hi,

on my previous mail I missed one thing:

On Fri, 2010-04-09 at 00:48 +0200, Kalle Sommer Nielsen wrote:
> magic_quotes_*
>  - Something we have long time been wanted to remove from PHP, I don't
> see a big reason to keep those in the next version, even if its going
> to be a 5.4, since we already removed things like
> zend.ze1_compatibility_mode. See the magic quotes RFC[4].

Removing magic_quotes would be soooooooooooo great. BUT the issue is
that most users don't know about it. Many applications are more or less
secure due to its existence. The apps aren't fully secure but a few less
vectors.

I'm - for a while - thinking whether there is a way to notify
application developers about applications which run with m_q=On but no
check for it. As unless they are aware of it this will break many things
where people don't read the upgrading guides.

With the old PHP 6 I hoped the break was big enough. Now I'm not sure.

johannes