Pierre wrote: > I do not want the mode 3, for the reasons I explained earlier. I also >> >> Actually, I do. Especially if I had some legacy non-filtering >> application which I wanted to secure. I would prefer to break it hard >> and then assemble the pieces in the correct way, rather than play >> find-the-next-hole. > > Same comment as before, drop all GPCES usages. This is a typical > situtation, something like what Rasmus described in his post about Y! > policy.
Except we don't drop GPCES (well we do drop $_COOKIE, but for other reasons) which means that existing apps work fine. Dropping GPCES means it becomes very hard to run existing code. If the default filter is strict enough, I don't see the point in dropping those. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
