On 3/22/07, Matthew Weier O'Phinney <[EMAIL PROTECTED]> wrote:

Once I realized people were using the request object in order to pull
GET and POST data -- instead of accessing those superglobals themselves,
or using a proxy such as Zend_Filter_Input, I realized that this would
be a security vector.  However, without stable validation/filtering
classes ready, this simply could not be addressed properly. Now that
they are, we can begin addressing this. This is why I mentioned that it
will be dealt with in a later iteration. Any solution will need to
remain backwards compatible with the current API, however. This should
not be difficult due to the nature of the accessors.

Fair enough.  Here's hoping that happens quickly.
--
- Ed Finkler
http://funkatron.com/
