Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:50323 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 89836 invoked from network); 18 Nov 2010 07:22:22 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 18 Nov 2010 07:22:22 -0000 Authentication-Results: pb1.pair.com smtp.mail=zeev@zend.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=zeev@zend.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.185 as permitted sender) X-PHP-List-Original-Sender: zeev@zend.com X-Host-Fingerprint: 212.25.124.185 il-mr1.zend.com Received: from [212.25.124.185] ([212.25.124.185:43956] helo=il-mr1.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id DE/54-60012-B24D4EC4 for ; Thu, 18 Nov 2010 02:22:20 -0500 Received: from il-gw1.zend.com (unknown [10.1.1.22]) by il-mr1.zend.com (Postfix) with ESMTP id 6E26550518; Thu, 18 Nov 2010 09:16:43 +0200 (IST) Received: from IL-EX2.zend.net ([::1]) by il-ex2.zend.net ([::1]) with mapi; Thu, 18 Nov 2010 09:22:13 +0200 To: Larry Garfield , "internals@lists.php.net" Thread-Topic: [PHP-DEV] Magic quotes in trunk Thread-Index: AQHLhnHLiR0iBMU+L06WvmWqJXh2D5N2kdKAgAAGBICAADvaYA== Date: Thu, 18 Nov 2010 07:22:13 +0000 Message-ID: <887FE7CFF6F8DE4BB3A9535F53AFD06A2C5A4581@il-ex2.zend.net> References: <6628E909-5B8E-4FB4-A28F-ECAF7FCA27AB@roshambo.org> <201011172340.37217.larry@garfieldtech.com> In-Reply-To: <201011172340.37217.larry@garfieldtech.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: RE: [PHP-DEV] Magic quotes in trunk From: zeev@zend.com (Zeev Suraski) > -----Original Message----- > From: Larry Garfield [mailto:larry@garfieldtech.com] > Sent: Thursday, November 18, 2010 7:41 AM > To: internals@lists.php.net > Subject: Re: [PHP-DEV] Magic quotes in trunk >=20 > On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote: > > > What are your inputs on this matter? > > > > I'm struggling with this topic. We must do something, but it's > > important to understand that plenty of people unknowingly rely upon > > this security feature that's still enabled by default. Granted 5.3 > > does generate E_DEPRECATED errors when magical quotes are enabled, > but > > is one minor PHP version of errors enough to go from on to gone? > > > > So while those in the know (e.g., people who follow this list) find > > them annoying and wish they never existed, what are the implications? > > I'm still unsure how best to handle this situation but wanted to > > express these feelings now. Whatever the case, the education effort > > towards data filtering and sanitization requires a lot of improvement. > > > > Regards, > > Philip >=20 > I won't miss magic quotes if they're removed, but I can see the argument = for > saying "not quite yet". Off-by-default is absolutely necessary if they'r= e kept. > (Dear god, you mean they aren't off by default already?) The voice of reason... As much as I'd like to see magic quotes burning in hell (had the option to = kill them when they were small, but unfortunately didn't), I'm wondering wh= ether the people +1'ing are thinking about the potential consequences to do= ing this, and if they're also volunteering to respond (nicely!!) to the end= less complaints, flames, and just general "what happened???!!!" mailing lis= t emails that may flood us when this happens. With 6.0, we talked about ha= ving prepend-scripts that emulate magic quotes available, since like it or = not - there are probably billions of lines of code out there that rely on t= he existence of magic quotes. I don't have a strong opinion on whether we should remove magic quotes alto= gether in 5.4 and provide emulation instructions, or just disable it by def= ault as a first step. Zeev =20