On 08.10.2019 at 11:44, Björn Larsson wrote: > Den 2019-10-08 kl. 11:00, skrev Claude Pache: > >> When evaluating the _unique_ cost of migrating legacy code, it should >> be balanced with the _continual_ cost of keeping the feature. That >> includes: >> >> * People wondering what that strange syntax does, or, worse, mistaking >> it with a variation of string literal. >> * Difficulty to search occurrences of `shell_exec`. >> * People trying to deactivate functions executing external programs >> (such as `shell_exec`) using the "disable_function" ini directive, >> wondering how to deactivate the backtick operator (since there is no >> `disable_operator` directive). > > For the third one, one idea could be to extend the current > directive also working for backticks or create a new one. > Would that be an improvement?
<https://www.php.net/manual/en/language.operators.execution.php>: | The backtick operator is disabled when safe mode is enabled or | shell_exec() is disabled. -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
