From: matthew dot wilkinson at gmail dot com
Operating system: Irrelevant
PHP version: 5.2.10
PHP Bug Type: Filter related
Bug description: filter.default repeating past mistakes?

Description:
------------
While the data filtering extension is a fantastic thing, is providing the filter.default configuration option not just presenting a repeat of what magic quotes brought? i.e. scripts will have to check if inputs are already filtered, potentially have to unfilter them or work around it.

It should be the script's responsibility to filter inputs if they need to be, and as magic quotes proved, when PHP tries to do it for the programmer, and in a configurable, non-consistent way, it becomes a hassle and inconvenience rather than a security feature.

For these reasons, I think the filter.default and filter.default_flags configuration options should be removed, and no filtering done by PHP unless a script explicitly uses the filter_* functions.

Reproduce code:
---------------
---
From manual page: filter.configuration
---

--
Edit bug report at http://bugs.php.net/?id=48727&edit=1
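
The portability problem the report describes, as an added example (not part of the original report and not PHP project code): a script that does not control php.ini detects whether filter.default or filter.default_flags is set, reads the unfiltered value through filter_input(), and escapes once at the point of output. The parameter name `comment` and both helper names are hypothetical.

```php
<?php
// Added example, not from the bug report. The request parameter "comment" and
// the helper names default_filter_active() / raw_param() are hypothetical.

// True when php.ini may have altered $_GET/$_POST/$_COOKIE before the script ran.
// Conservative: any non-zero filter.default_flags counts, even a harmless one.
function default_filter_active(): bool
{
    $filter = (string) ini_get('filter.default');
    $flags  = (string) ini_get('filter.default_flags');
    $isRaw  = $filter === '' || filter_id($filter) === FILTER_UNSAFE_RAW;
    return !$isRaw || ($flags !== '' && (int) $flags !== 0);
}

// Fetch the value as the client sent it. filter_input() reads the original
// request data, so an explicit FILTER_UNSAFE_RAW bypasses filter.default and
// gives the same result under any php.ini.
function raw_param(int $source, string $name): ?string
{
    $value = filter_input($source, $name, FILTER_UNSAFE_RAW);
    return is_string($value) ? $value : null; // null: absent, or an array was sent
}

$comment = raw_param(INPUT_GET, 'comment');

if ($comment === null) {
    echo "no 'comment' parameter in this request\n";
} else {
    // Make the configuration dependence visible instead of silently
    // double-encoding or "unfiltering" the superglobal.
    if (default_filter_active() && ($_GET['comment'] ?? null) !== $comment) {
        error_log('filter.default altered $_GET["comment"]; using the raw value');
    }

    // Encode for the context where the value is used, here an HTML text node.
    echo htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), "\n";
}
```

filter.default is a per-directory setting, so the script cannot switch it off with ini_set() at run time; it can only detect it and read around it as shown.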
