Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:50319
Return-Path: <philip@roshambo.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 74933 invoked from network); 18 Nov 2010 05:19:12 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Nov 2010 05:19:12 -0000
Authentication-Results: pb1.pair.com header.from=philip@roshambo.org; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=philip@roshambo.org; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain roshambo.org from 209.85.161.170 cause and error)
X-PHP-List-Original-Sender: philip@roshambo.org
X-Host-Fingerprint: 209.85.161.170 mail-gx0-f170.google.com  
Received: from [209.85.161.170] ([209.85.161.170:36944] helo=mail-gx0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C0/72-60012-F47B4EC4 for <internals@lists.php.net>; Thu, 18 Nov 2010 00:19:11 -0500
Received: by gxk22 with SMTP id 22so974375gxk.29
        for <internals@lists.php.net>; Wed, 17 Nov 2010 21:19:08 -0800 (PST)
Received: by 10.91.121.20 with SMTP id y20mr366147agm.28.1290057548836;
        Wed, 17 Nov 2010 21:19:08 -0800 (PST)
Received: from [192.168.1.2] (c-76-22-32-17.hsd1.wa.comcast.net [76.22.32.17])
        by mx.google.com with ESMTPS id n48sm2150999yha.7.2010.11.17.21.19.07
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Wed, 17 Nov 2010 21:19:07 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1081)
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <AANLkTin3-7w6wmFHvX+T+xoCF5HxSB=sSt4vYnkPW4y-@mail.gmail.com>
Date: Wed, 17 Nov 2010 21:19:05 -0800
Cc: Internals <internals@lists.php.net>
Content-Transfer-Encoding: quoted-printable
Message-ID: <6628E909-5B8E-4FB4-A28F-ECAF7FCA27AB@roshambo.org>
References: <AANLkTin3-7w6wmFHvX+T+xoCF5HxSB=sSt4vYnkPW4y-@mail.gmail.com>
To: Kalle Sommer Nielsen <kalle@php.net>
X-Mailer: Apple Mail (2.1081)
Subject: Re: [PHP-DEV] Magic quotes in trunk
From: philip@roshambo.org (Philip Olson)


> What are your inputs on this matter?

I'm struggling with this topic. We must do something, but it's important =
to understand that plenty of people unknowingly rely upon this security =
feature that's still enabled by default. Granted 5.3 does generate =
E_DEPRECATED errors when magical quotes are enabled, but is one minor =
PHP version of errors enough to go from on to gone?

So while those in the know (e.g., people who follow this list) find them =
annoying and wish they never existed, what are the implications? I'm =
still unsure how best to handle this situation but wanted to express =
these feelings now. Whatever the case, the education effort towards data =
filtering and sanitization requires a lot of improvement.

Regards,
Philip=