Changing the variables_order to CGP is not a good idea either, because then applications that use cookies through _REQUEST could be tricked by
I can imagine why one would use _REQUEST to work with GET and POST alike. However I can not imagine what would be the reason to use REQUEST if you need cookie-only variable. It is very rare that application API would consider cookie and GET parameter be of the same semantics. Anyway, I'd recommend GP over CGP.
Unfortunately removing C from variables_order does not only remove cookies from _REQUEST but removes the content of _COOKIE. And that would kill e.g. ext/session.
Hmm... I though exactly the opposite should happen, and also that's what the manual says - "The content and order of $_REQUEST is also affected by this (variables_order - SM.) directive". Maybe if it doesn't work this way we should change it for 5.3? I don't see a very good reason to kill _COOKIE (if there is, maybe we can have other option for that) but as you said there is a good reason to drop cookies from _REQUEST.
-- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php