Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:47994
Return-Path: <philip@roshambo.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 94330 invoked from network); 16 Apr 2010 15:32:52 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Apr 2010 15:32:52 -0000
Authentication-Results: pb1.pair.com smtp.mail=philip@roshambo.org; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=philip@roshambo.org; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain roshambo.org from 209.85.160.42 cause and error)
X-PHP-List-Original-Sender: philip@roshambo.org
X-Host-Fingerprint: 209.85.160.42 mail-pw0-f42.google.com  
Received: from [209.85.160.42] ([209.85.160.42:47897] helo=mail-pw0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 02/81-20775-32388CB4 for <internals@lists.php.net>; Fri, 16 Apr 2010 11:32:52 -0400
Received: by pwi8 with SMTP id 8so2065922pwi.29
        for <internals@lists.php.net>; Fri, 16 Apr 2010 08:32:48 -0700 (PDT)
Received: by 10.143.136.2 with SMTP id o2mr982580wfn.94.1271431968565;
        Fri, 16 Apr 2010 08:32:48 -0700 (PDT)
Received: from [192.168.1.103] (207-224-16-108.ptld.qwest.net [207.224.16.108])
        by mx.google.com with ESMTPS id 21sm2360089pzk.4.2010.04.16.08.32.46
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Fri, 16 Apr 2010 08:32:47 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset=iso-8859-1
In-Reply-To: <1271408519.4615.89.camel@guybrush>
Date: Fri, 16 Apr 2010 08:32:02 -0700
Cc: Arvids Godjuks <arvids.godjuks@gmail.com>,
 Internals <internals@lists.php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <03FC1A5C-A464-4385-BDF3-6DE2EF7CFDA3@roshambo.org>
References: <n2k2dedb8a1004081548g4381879ahb76cf5ab9b855a9d@mail.gmail.com> <1271371883.4615.55.camel@guybrush> <g2t9b3df6a51004160143le05076a4h921800430deaedbf@mail.gmail.com> <1271408519.4615.89.camel@guybrush>
To: =?iso-8859-1?Q?Johannes_Schl=FCter?= <johannes@php.net>
X-Mailer: Apple Mail (2.1078)
Subject: Re: [PHP-DEV] [RFC] Removal of deprecated features
From: philip@roshambo.org (Philip Olson)


On Apr 16, 2010, at 2:01 AM, Johannes Schl=FCter wrote:

> On Fri, 2010-04-16 at 11:43 +0300, Arvids Godjuks wrote:
>> You must have been flying somethere in the Andromeda galaxy all this =
time!
>>=20
>> magic_quotes, safe_mode and other stuff was announced depricated now =
for a
>> few years, there is big buzz going on about it and these features are
>> allready marked as depricated and throw warnings as of 5.3, some even =
as off
>> 5.2. It's hard to miss articles, announce, conferences and numerous =
blog
>> entries literally from any PHP developer who has a blog that these =
features
>> are to be droped.
>=20
> Go to a random hosting site and look at there configuration - magic
> quotes will be enabled. Look at some (not all) distributor packages -
> magic quotes will be on. Many of them won't see it as it's "hidden" in
> an error log which barely anybody read. Yes you do. You also read this
> list. But that's a minority of our users. Most don't follow the
> development closely. Most don't read blogs. Most don't know about
> php.ini. Most don't know about security.
>=20
> The people we interact with are just the tip of the iceberg. Most PHP
> users are hidden on the internet.
>=20
> I would love to get rid of this "feature" but I fear that many users
> won't notice and i don't know how to tell them.

And a related issue is that magical quotes are still enabled by default =
in PHP, and removing a security feature that was enabled by default is =
not a simple matter. Not sure if disabling it by default (in trunk) is a =
preferred intermediate step, but it's possible.

Regards,
Philip