Newsgroups: php.internals
Date: Wed, 04 Jan 2012 12:56:25 -0800
From: rasmus@lerdorf.com (Rasmus Lerdorf)
To: Reindl Harald
CC: internals@lists.php.net
Subject: Re: [PHP-DEV] Re: another fix for max_input_vars.

On 01/04/2012 12:19 PM, Reindl Harald wrote:
>
> On 04.01.2012 21:07, Paul Dragoonis wrote:
>
>> I agree with Rasmus here. A lot of people keep display_errors
>> on, even when they shouldn't.
>
> it is not the job of a programming language to stop admins from
> being stupid - the defaults have to be sane and this is
> display_error OFF, if somebody decides for whatever reason to turn
> it on it is not yours or anybody else's decision to ignore the
> setting here, and there and there also but there not

Yes, but display_errors is not off by default, that is the problem. If we could get away with turning display_errors off by default, then I agree that we don't need this. As it is currently, the default setup, if people don't do anything, will result in a security problem because of this.

-Rasmus