On Sat, 2002-02-16 at 18:01, Yasuo Ohgaki wrote:
> Yasuo Ohgaki wrote:
> > Stefan Esser wrote:
> > 
> >> magic_quotes_by_default is a nice way to make scripts (written by novices)
> >> safer. Unfortunately mqbd forces you to write unsecure scripts. If you put
> >> such scripts onto a server that doesn't have mqbd they are insecure.
> > 
> > 
> > This is true. I bet many novices write insecure scripts.
> > It may not be a good idea for PHP 4.2 :(
> > 
> > I'll add more description to
> > http://www.php.net/manual/en/security.variables.php
> > and try again for PHP5.
> > 
> >  > Hmmm btw... This idea just came to my mind and I don't know if it would be
> >  > too much overhead, but what about keeping track of what variables got
> >  > already magically quoted and do not quote them again if the script wants it.
> > 
> > This idea sounds nice to me :)

The WTF factor for that would be off the scale. Think about how many
bug reports about addslashes() not working we'd have to bogusify.

-1

> Forgot to ask if anyone objects to making magic quotes off by default
> for PHP5. Anyone?

+1
 
> -- 
> Yasuo Ohgaki


-- 
 Torben Wilson <[EMAIL PROTECTED]>
 http://www.thebuttlesschaps.com
 http://www.hybrid17.com
 http://www.inflatableeye.com
 +1.604.709.0506
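
An added illustration of the portability problem discussed in this thread, not code from any of the posters or from PHP itself. The magic-quotes step is simulated by a hypothetical `request_value()` helper (so the block runs on current PHP, where the setting no longer exists), and the function names and sample input are constructed.

```php
<?php
// Hypothetical helper: the value a script would see for a raw request
// parameter, with the magic-quotes behaviour simulated via addslashes().
function request_value(string $raw, bool $magicQuotes): string {
    return $magicQuotes ? addslashes($raw) : $raw;
}

// Script A: written on a server with magic quotes on, so it trusts the
// input to be quoted already and does no escaping of its own.
function query_relying_on_mq(string $input): string {
    return "SELECT * FROM users WHERE name = '$input'";
}

// Script B: always calls addslashes(), whatever the server already did.
function query_always_escaping(string $input): string {
    return "SELECT * FROM users WHERE name = '" . addslashes($input) . "'";
}

// Script C: undoes magic quotes when they were applied, then escapes
// exactly once at the point of use. addslashes() stands in here for the
// sink's own escaping; bound parameters are the sturdier choice for SQL.
function query_portable(string $input, bool $magicQuotes): string {
    $plain = $magicQuotes ? stripslashes($input) : $input;
    return "SELECT * FROM users WHERE name = '" . addslashes($plain) . "'";
}

$raw = "O'Reilly"; // constructed sample input containing a quote

foreach ([true, false] as $mq) {
    $in = request_value($raw, $mq);
    printf("magic quotes %s (script sees: %s)\n", $mq ? 'on' : 'off', $in);
    printf("  A relies on mq:   %s\n", query_relying_on_mq($in));
    printf("  B always escapes: %s\n", query_always_escaping($in));
    printf("  C portable:       %s\n", query_portable($in, $mq));
}
```

Script A produces a well-formed string literal only while the setting is on, and script B escapes the value twice when it is on, which is the addslashes() confusion raised above. Script C builds the same query under both settings.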

