Philip Olson wrote: > Having php create $DOCUMENT_ROOT and similar is not a security risk.
> Please provide an example of what you mean, I do not understand. different server APIs have different sets of server variables, so we get into the same situation as with other 'magic' variables. it's far less risky as global registration of form input, but still not a good thing > I believe this feature request is a good one. IMHO not, as we want to advertise using the new arrays instead of registered globals, so we shouldn't create exceptions to the rule esp. your "ease of transition" argument is bogus, as people will have to review and adapt their code anyway as soon as register_globals is of, so why not get rid of all of the globals, why create a special case for the server ones? -- Hartmut Holzgraefe [EMAIL PROTECTED] http://www.six.de +49-711-99091-77 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
