Hi,
I saw Wietse's taint presentation at nyphp last night and I just
wanted to express my support for the feature.
It seems to me OR-ing bits together between zval fields is relatively
harmless. Clearly it will not catch everything as extensions can
introduce clean zvals that are in fact tainted (or vice versa) but I
foresee that this feature would amount to adding a very informative
warning for developers. Just as you would get a warning for trying to
call a function with the wrong parameters or divide by zero, the taint
bits can be used to teach developers as to how to properly process
their data.
Mike
PS: I am strongly against the idea of filters - the application should
output what I tell it to output and nothing else.