On Aug 12, 2005, at 2:19 PM, Derick Rethans wrote:
On Fri, 12 Aug 2005, George Schlossnagle wrote:
3. Add input filter extension which will include a mechanism for
application developers to very easily turn it off which would
swap
the raw GPC arrays back in case the site had it turned on by
default.
That seems a bit scary, and almost as if it would defeat the
purpose. I'm
all for an input filter extension, but it should be one that can't
be easily
neutered by (potentially malicious) applications.
I wrote up the following spec for this extension:
http://files.derickrethans.nl/filter_extension.html
Where's the part about an application swapping back for the raw
arrays (as opposed to accessing them specifically as _RAW_GET or
whatever)? Or are you and Rasmus talking about two different proposals?
George
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
