Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:50400 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 38682 invoked from network); 20 Nov 2010 02:46:06 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Nov 2010 02:46:06 -0000 Authentication-Results: pb1.pair.com smtp.mail=ssufficool@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=ssufficool@gmail.com; sender-id=pass; domainkeys=bad Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.170 as permitted sender) DomainKey-Status: bad X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01 X-PHP-List-Original-Sender: ssufficool@gmail.com X-Host-Fingerprint: 209.85.214.170 mail-iw0-f170.google.com Received: from [209.85.214.170] ([209.85.214.170:36135] helo=mail-iw0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BE/47-29351-B6637EC4 for ; Fri, 19 Nov 2010 21:46:04 -0500 Received: by iwn4 with SMTP id 4so308125iwn.29 for ; Fri, 19 Nov 2010 18:46:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=4tEd6k3bWdMnzTxMpP1bqko9T33Ya0+jJtsvtpZx9w4=; b=J3EFTl3UZQvqxGg9CKYH0ntWIKz8iYctlPO2OuT/xsmnsVcI6pYsns1v3+0rw61VaL cYB+gqCcAsXyAUo3QVU1R1d2jPDCrfShr8cIcM7EtFA99o1EgFFe5qDXTSKbDSFFpQ9S X0DueQAvTYQyVH552Y/zWybLitZzxQC7w3jcA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=BxbskwvMDFpxYGfFulGvmrNlilqkLGwLh5K6NJnmQktKbSfXsjLqYge5OKmY1q/zYl Gy+vph5c6hh7MIUaK0X4x+8mvK/WjimO+WRrhhOPJe7x2Y2E81pqT6iP6t7L7slE+OR9 Cb5YzpCtmAIFm+y5h84pi/RXu8VHEWCjXiCu0= MIME-Version: 1.0 Received: by 10.231.15.139 with SMTP id k11mr2903157iba.175.1290221160048; Fri, 19 Nov 2010 18:46:00 -0800 (PST) Received: by 10.42.41.82 with HTTP; Fri, 19 Nov 2010 18:45:59 -0800 (PST) In-Reply-To: <20101119161415.GA21178@panix.com> References: <6628E909-5B8E-4FB4-A28F-ECAF7FCA27AB@roshambo.org> <201011172340.37217.larry@garfieldtech.com> <20101118162047.GA26431@panix.com> <1290097549.16819.180.camel@guybrush> <20101119151702.GA5937@panix.com> <20101119161415.GA21178@panix.com> Date: Fri, 19 Nov 2010 18:45:59 -0800 Message-ID: To: Daniel Convissor Cc: PHP Internals List Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Magic quotes in trunk From: ssufficool@gmail.com (Stanley Sufficool) On Fri, Nov 19, 2010 at 8:14 AM, Daniel Convissor wrote: > On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote: >> you can get pwn3d with magic_quotes_gpc =3D On > > That goes without saying. =A0None the less, it will be problematic for PH= P > to disable/remove a "security" feature that some people rely on. Well then +1 for making the setting throw depreciated PHP startup notifications when turned on with a link to suggested security practices for SQL, exec(), passthru(), and other sensitive functions benefiting from magic quotes. Also throw an E_NOTICE depreciated for the magic_quotes_gpc() function as well for those that check if this setting is on/off. But please start the movement in the direction that this will be removed in the future. > > --Dan > > -- > =A0T H E =A0 A N A L Y S I S =A0 A N D =A0 S O L U T I O N S =A0 C O M P = A N Y > =A0 =A0 =A0 =A0 =A0 =A0data intensive web and database programming > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0http://www.AnalysisAndSolutions.com/ > =A04015 7th Ave #4, Brooklyn NY 11232 =A0v: 718-854-0335 f: 718-854-0409 > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > >