Wietse Venema wrote:
I've uploaded a new version of taint support for PHP. You can find
all the files via:
ftp://ftp.porcupine.org/pub/php/index.html
[..]
For examples and details, see the README file, also on-line at:
ftp://ftp.porcupine.org/pub/php/php-5.2.5-taint-20080130.README.html
I need your feedback to make this code complete. I hope to do
several quick 1-2 month release cycles in which I collect feedback,
fill in missing things, and adjust course until things stabilize.
I must say I like the idea, but I'm not too fond about the error handling.
For it to help with (especially) the unexperienced programmers it should
be enabled by default, which automatically is going to break a lot of
websites if put in production environments.
However turning it off by default isn't going to help, most people don't
even set their error_reporting() to a respectable setting, let alone a
new setting.
And how does this work with the Filter ( http://docs.php.net/filter )
extension ?
Wietse
- Mark
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
