Hi!

That sounds like a nicer approach and it is actually one of the RFCs I
would like to see to bring some of the features of Suhosin into PHP (disable
eval and the e modifier).

Disabling eval() makes little sense to me - nobody accidentally writes an eval() and if you execute third-party code there are dozens of ways to do the same thing as eval() does. The /e case though seems much stronger, as one could legitimately write preg_replace() which uses /e and securing it is a non-trivial task since you basically inject third-party code into your context (like SQL injection only worse since SQL doesn't have vars in strings :). So given we have preg_replace_callback, phasing out /e starting 5.5 would probably make sense.
--
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
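The distinction the reply draws between preg_replace() with /e and preg_replace_callback(), shown side by side as an added example (this is not code from the thread or from the PHP project; the template format, the `{name}` placeholder pattern and the `$values` map are constructed for illustration):

```php
<?php
// Added example, not from the mailing-list thread. With the /e modifier the
// replacement string is evaluated as PHP code after the captured group has been
// interpolated into it, so whatever the template author can make match the
// pattern lands inside evaluated code. preg_replace_callback hands the captured
// text to a function as a plain string, so it is never evaluated.

// Constructed sample input: a template with {name} placeholders and the values
// that are allowed to fill them.
$template = 'Hello {user}, your role is {role}.';
$values   = array('user' => 'alice', 'role' => 'admin');

// Legacy form (PHP 5.x only; /e was deprecated in 5.5 and removed in 7.0).
// The replacement argument is source code: "$1" is substituted into it and the
// result is run through eval, with access to the calling scope. Securing this
// means reasoning about every string that could reach the pattern, which is the
// injection problem the reply compares to SQL injection.
function render_with_e_modifier($template, array $values)
{
    return preg_replace('/\{(\w+)\}/e', '$values["$1"]', $template);
}

// Hardened form: the same substitution with preg_replace_callback. $m[1] is data,
// not code; the closure decides what to do with it, and unknown placeholders are
// left untouched instead of being expanded.
function render_with_callback($template, array $values)
{
    return preg_replace_callback(
        '/\{(\w+)\}/',
        function (array $m) use ($values) {
            return array_key_exists($m[1], $values) ? $values[$m[1]] : $m[0];
        },
        $template
    );
}

echo render_with_callback($template, $values), "\n";
```

The callback version works on every PHP release that has preg_replace_callback (5.0 and later), so a codebase can migrate off /e before the deprecation warning appears without changing behaviour for well-formed input; the only observable difference is that a placeholder name not present in `$values` is no longer evaluated at all.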
