i did not see any smiley and without it it is hard to smell

removing /e makes sense over the long run because it is
really dangerous when used wrongly with user-input
by people C&P reg-expressions from somewhere without exactly
understanding what they are doing and that they can trigger
remote-code execution from anonymous requests

the places where i use eval will never see any user-input

these are different worlds

Am 05.02.2012 17:37, schrieb Tom Boutell:
> A sense of humor is important when reading mailing lists frequented by
> extremely clever people (:
> 
> On Sun, Feb 5, 2012 at 11:34 AM, Reindl Harald <h.rei...@thelounge.net> wrote:
>> what the hell - if you kill eval you would kill the whole
>> work of my life and yes i know that eval is evil and
>> it is only used at one place which is a central and
>> real important to include modules and set parameters
>> dynamically
>>
>> the /e modifier is a total other dimension because it can
>> be used by people not knowing what they are doing exactly
>> by C&P any code snippet
>>
>> eval() is a documented function
>>
>> Am 05.02.2012 17:21, schrieb Pierre Joye:
>>> I think we should remove eval at the same time then. As the risk is
>>> exactly the same in both situations. Eval is just as evil and can be
>>> avoided as well (or any other similar features, not sure if other exts
>>> allow that).
>>>
>>> Cheers,
>>>
>>> On Sun, Feb 5, 2012 at 3:59 PM, Nikita Popov <nikita....@googlemail.com> 
>>> wrote:
>>>> Hi internals!
>>>>
>>>> I have written an RFC that proposes to *deprecate* and *remove* the /e 
>>>> modifier:
>>>>
>>>> https://wiki.php.net/rfc/remove_preg_replace_eval_modifier
>>>>
>>>> Comments welcome!
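
The difference between the /e modifier and a callback, as an added example that is not part of the original thread or the RFC: the /e form (removed in PHP 7.0, shown only in a comment) substitutes matched text into a string of PHP code and evaluates it, while preg_replace_callback() hands the match to a function as plain data. The [upper] tag syntax, the helper name and the sample input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Legacy pattern of the kind the RFC targets (not executed; PHP 7+ rejects /e):
//
//   preg_replace('/\[upper\](.*?)\[\/upper\]/e', 'strtoupper("$1")', $text);
//
// With /e the backreference is substituted into the replacement string and
// the resulting string is evaluated as PHP code on every match.

/**
 * Hypothetical helper: expands [upper]...[/upper] tags without evaluating
 * anything. The match arrives as an array of strings and stays data.
 */
function expand_upper_tags(string $text): string
{
    $result = preg_replace_callback(
        '/\[upper\](.*?)\[\/upper\]/s',
        static function (array $m): string {
            // $m[1] is the captured group; it is only passed to strtoupper().
            return strtoupper($m[1]);
        },
        $text
    );

    // preg_replace_callback() returns null when PCRE fails
    // (for example when the backtrack limit is hit).
    if ($result === null) {
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $result;
}

// Constructed sample input: the second tag contains PHP-looking text,
// which is upper-cased like any other string and never executed.
$samples = [
    'hello [upper]world[/upper]',
    'x [upper]phpversion()[/upper] y',
];

foreach ($samples as $s) {
    echo expand_upper_tags($s), PHP_EOL;
}
```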
