Edit report at http://bugs.php.net/bug.php?id=42718&edit=1
ID: 42718
Updated by: ras...@php.net
Reported by: arnaud dot lb at gmail dot com
Summary: FILTER_UNSAFE_RAW not applied when configured as
default filter, even with flags
Status: Assigned
Type: Bug
Package: Filter related
Operating System: *
PHP Version: 5.*, 6CVS (2009-04-30)
Assigned To: pajoye
New Comment:
We should figure out what we want here. Do we want to allow default
flags to be
applied with the unsafe_raw filter or not?
Previous Comments:
------------------------------------------------------------------------
[2008-12-06 19:20:34] paj...@php.net
Yes, revert was the best option for now.
I will dig into it on Monday and re read the discussions about that
(there was some discussions about this whole thing when we added filter
to core).
------------------------------------------------------------------------
[2008-12-06 19:17:09] lbarn...@php.net
> That's wrong
This is exactly what you said one year ago, just before it was
demonstrated that FILTER_UNSAFE_RAW actually does something (according
to documentation, code, and examples), and the bug has been assigned to
you.
That said, I'm not rejecting the fault on anyone, and the important is
to revert, which is done.
------------------------------------------------------------------------
[2008-12-06 18:25:20] paj...@php.net
ooch.
I did not catch in this bug before, but there is a major
misunderstanding in the first comment.
"The unsafe_raw filter does nothing by default, but it
can "optionally strip or encode special characters", and it is the
only filter which is able to do that without doing any other
filtering."
That's wrong. UNSAFE_RAW, the key word here is RAW. It means that the
data is returned unfiltered, without flag, nothing, nada. If this
behavior has been changed then please revert it.
I did not check if it is present in 5.2.7 (it seems to be, as said in
this report or another), that may require a quick fix release (Ilia?).
------------------------------------------------------------------------
[2008-12-06 17:52:37] lbarn...@php.net
All my apologizes for this broken fix.
A quick workaround for 5.2.7 users is to add the following in the
php.ini:
filter.default_flags=0
Scott has reverted this and this bug is not present in CVS.
------------------------------------------------------------------------
[2008-12-06 17:32:55] magical...@php.net
This is a proposed fix for this bug that will keep old behavior.
Another fix could be simply to test IF_G(default_filter_flags) against
FILTER_FLAG_NO_ENCODE_QUOTES instead of 0.
http://ookoo.org/svn/snip/php_5_2-broken_filter_and_magic_quotes.patch
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=42718
--
Edit this bug report at http://bugs.php.net/bug.php?id=42718&edit=1
