On Thu, 9 Feb 2006, Thomas -Balu- Walter wrote:
On Wed, Feb 08, 2006 at 03:35:35PM +0100, Florian Sperber wrote:
if rc detects magic_quotes_gpc=on always do the workaround and display
always a warning but with a hint, where to deactivate this warning. This
way we spread the information about the magic_quotes problem and reduce
support questions.
Problem is that many scripts rely on magic_quotes_gpc=on. Even most PHP
sites say that magic_quotes is a very important setting, because it
helps avoiding security problems in scripts (which is totally wrong
:-/).
If you tell people to switch that off, they might get problems with
other scripts.
They can always have diferent settings for diferent directory definitions
in the web server.
As I said before, magic_quotes is a very bad thing, and security must
come from the programmer, not an automatic quoter.
--
10:20:01 up 17 days, 16:05, 1 user, load average: 0.02, 0.02, 0.00
---------------------------------------------------------
Lic. Martín Marqués | SELECT 'mmarques' ||
Centro de Telemática | '@' || 'unl.edu.ar';
Universidad Nacional | DBA, Programador,
del Litoral | Administrador
---------------------------------------------------------
