> The patch is not only targeting JSON. He just used JSON as an example.
> Every function generating arrays with keys based on user-defined input
> needs to be updated.
That looks like a very good way to make a lot of mistakes, miss a lot of
cases and end up playing whack-a-mole with covering all functions. Why
not just patch zend_hash.c and be done with it?
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php