Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:50320
Return-Path: <larry@garfieldtech.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 78146 invoked from network); 18 Nov 2010 05:40:02 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Nov 2010 05:40:02 -0000
Authentication-Results: pb1.pair.com header.from=larry@garfieldtech.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=larry@garfieldtech.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain garfieldtech.com from 76.96.30.56 cause and error)
X-PHP-List-Original-Sender: larry@garfieldtech.com
X-Host-Fingerprint: 76.96.30.56 qmta06.emeryville.ca.mail.comcast.net  
Received: from [76.96.30.56] ([76.96.30.56:36602] helo=qmta06.emeryville.ca.mail.comcast.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A1/F2-60012-13CB4EC4 for <internals@lists.php.net>; Thu, 18 Nov 2010 00:40:02 -0500
Received: from omta24.emeryville.ca.mail.comcast.net ([76.96.30.92])
	by qmta06.emeryville.ca.mail.comcast.net with comcast
	id YRcJ1f0031zF43QA6Vfyid; Thu, 18 Nov 2010 05:39:58 +0000
Received: from earth.ufp ([98.220.236.211])
	by omta24.emeryville.ca.mail.comcast.net with comcast
	id YVfx1f00H4aLjBW8kVfyu7; Thu, 18 Nov 2010 05:39:58 +0000
Received: from localhost (localhost [127.0.0.1])
	by earth.ufp (Postfix) with ESMTP id 88DD6D7A66
	for <internals@lists.php.net>; Wed, 17 Nov 2010 23:39:57 -0600 (CST)
Received: from earth.ufp ([127.0.0.1])
	by localhost (earth.ufp [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id VpxaFKoT8pYS for <internals@lists.php.net>;
	Wed, 17 Nov 2010 23:39:57 -0600 (CST)
Received: from linux-nkec.site (unknown [192.168.42.1])
	by earth.ufp (Postfix) with ESMTPSA id 73502D7950
	for <internals@lists.php.net>; Wed, 17 Nov 2010 23:39:57 -0600 (CST)
To: internals@lists.php.net
Date: Wed, 17 Nov 2010 23:40:37 -0600
User-Agent: KMail/1.13.5 (Linux/2.6.34.7-0.5-desktop; KDE/4.4.4; x86_64; ; )
References: <AANLkTin3-7w6wmFHvX+T+xoCF5HxSB=sSt4vYnkPW4y-@mail.gmail.com> <6628E909-5B8E-4FB4-A28F-ECAF7FCA27AB@roshambo.org>
In-Reply-To: <6628E909-5B8E-4FB4-A28F-ECAF7FCA27AB@roshambo.org>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-ID: <201011172340.37217.larry@garfieldtech.com>
Subject: Re: [PHP-DEV] Magic quotes in trunk
From: larry@garfieldtech.com (Larry Garfield)

On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote:
> > What are your inputs on this matter?
> 
> I'm struggling with this topic. We must do something, but it's important to
> understand that plenty of people unknowingly rely upon this security
> feature that's still enabled by default. Granted 5.3 does generate
> E_DEPRECATED errors when magical quotes are enabled, but is one minor PHP
> version of errors enough to go from on to gone?
> 
> So while those in the know (e.g., people who follow this list) find them
> annoying and wish they never existed, what are the implications? I'm still
> unsure how best to handle this situation but wanted to express these
> feelings now. Whatever the case, the education effort towards data
> filtering and sanitization requires a lot of improvement.
> 
> Regards,
> Philip

I won't miss magic quotes if they're removed, but I can see the argument for 
saying "not quite yet".  Off-by-default is absolutely necessary if they're 
kept.  (Dear god, you mean they aren't off by default already?)

--Larry Garfield