Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57734
Return-Path: <h.reindl@thelounge.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 20671 invoked from network); 5 Feb 2012 16:50:36 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 5 Feb 2012 16:50:36 -0000
Authentication-Results: pb1.pair.com header.from=h.reindl@thelounge.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=h.reindl@thelounge.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain thelounge.net designates 91.118.73.15 as permitted sender)
X-PHP-List-Original-Sender: h.reindl@thelounge.net
X-Host-Fingerprint: 91.118.73.15 mail.thelounge.net  
Received: from [91.118.73.15] ([91.118.73.15:52729] helo=mail.thelounge.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C6/62-09047-B53BE2F4 for <internals@lists.php.net>; Sun, 05 Feb 2012 11:50:36 -0500
Received: from srv-rhsoft.rhsoft.net (openvpn-rh.thelounge.net [10.0.0.241])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.thelounge.net (Postfix) with ESMTPSA id 5826417
	for <internals@lists.php.net>; Sun,  5 Feb 2012 17:50:33 +0100 (CET)
Message-ID: <4F2EB358.1030807@thelounge.net>
Date: Sun, 05 Feb 2012 17:50:32 +0100
Organization: the lounge interactive design
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20120131 Thunderbird/10.0
MIME-Version: 1.0
To: "internals@lists.php.net" <internals@lists.php.net>
References: <CAF+90c9qoyzBf+FpBxMdX0FByy5xB+7x3xi3kNxdvWX=_uz=mg@mail.gmail.com> <CAEZPtU7mYOB6RTHPFb8B76bPsZiFki6J5sJCMViGD7vK8Fdiyg@mail.gmail.com> <4F2EAF7D.9080506@thelounge.net> <CAORXhGKBPehGLvZsj9D4Oi2Fo4FnV+esyg_QNkuv3cO7uFn6qw@mail.gmail.com> <60BDBA28-4E97-4C60-8E31-E34F7E4831AC@gmail.com>
In-Reply-To: <60BDBA28-4E97-4C60-8E31-E34F7E4831AC@gmail.com>
X-Enigmail-Version: 1.3.5
OpenPGP: id=7F780279;
	url=http://arrakis.thelounge.net/gpg/h.reindl_thelounge.net.pub.txt
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature";
 boundary="------------enig32D0F62C0A175E7015018107"
Subject: Re: [PHP-DEV] [RFC] Deprecate and remove /e modifier from preg_replace
From: h.reindl@thelounge.net (Reindl Harald)

--------------enig32D0F62C0A175E7015018107
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable


Am 05.02.2012 17:45, schrieb Michael Stowe:
> Perhaps another option, if it's a security concern is the ability=20
> to turn off the /e modifier, and have it off by default. This way=20
> we can protect our less experienced programmers, while keeping it=20
> available for more advanced use cases.=20
>=20
> Just my two cents + inflation

+1 for secure/sane defaults!

it is possible with suhosin since years
suhosin.executor.disable_emodifier =3D Off


--------------enig32D0F62C0A175E7015018107
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8us1kACgkQhmBjz394AnmTAACfWXcKzouEGjtW31/wTwga9v8X
fGAAoJivwlOJ1bjqlxdC4G6XQck80Dre
=XXy7
-----END PGP SIGNATURE-----

--------------enig32D0F62C0A175E7015018107--