On Fri, Nov 19, 2010 at 10:36 PM, Philip Olson phi...@roshambo.org wrote:
On Nov 19, 2010, at 6:45 PM, Stanley Sufficool wrote:
On Fri, Nov 19, 2010 at 8:14 AM, Daniel Convissor
dani...@analysisandsolutions.com wrote:
On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote:
you can get
Hi:
On Fri, Nov 19, 2010 at 10:36:13PM -0800, Philip Olson wrote:
PHP 5.3
- Default (On)
- php.ini-development (Off)
- php.ini-production (Off)
- E_DEPRECATED error when On
The deprecated message is only thrown if you set magic quotes to on in a
php.ini file. If you're runnning with no
+1 for removing it.
On Wed, Nov 17, 2010 at 11:08 AM, Kalle Sommer Nielsen ka...@php.net wrote:
Greetings
I wanted to raise this topic before we go Alpha with trunk, regarding
our beloved magic_quotes feature. There seems to be mixed opinions
regarding it so I thought I would take it up for
Hi Johannes:
On Thu, Nov 18, 2010 at 05:25:49PM +0100, Johannes Schlter wrote:
2) Error out if using CGI or web SAPI and one of the following is true:
a) php.ini does not contain magic_quotes_gpc = Off
b) php.ini contains magic_quotes_runtime = On
c) php.ini contains
On Fri, Nov 19, 2010 at 4:17 PM, Daniel Convissor
dani...@analysisandsolutions.com wrote:
Hi Johannes:
On Thu, Nov 18, 2010 at 05:25:49PM +0100, Johannes Schlter wrote:
2) Error out if using CGI or web SAPI and one of the following is true:
a) php.ini does not contain
On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote:
you can get pwn3d with magic_quotes_gpc = On
That goes without saying. None the less, it will be problematic for PHP
to disable/remove a security feature that some people rely on.
--Dan
--
T H E A N A L Y S I S A N D S O
On Fri, Nov 19, 2010 at 8:14 AM, Daniel Convissor
dani...@analysisandsolutions.com wrote:
On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote:
you can get pwn3d with magic_quotes_gpc = On
That goes without saying. None the less, it will be problematic for PHP
to disable/remove a
On Nov 19, 2010, at 6:45 PM, Stanley Sufficool wrote:
On Fri, Nov 19, 2010 at 8:14 AM, Daniel Convissor
dani...@analysisandsolutions.com wrote:
On Fri, Nov 19, 2010 at 04:41:48PM +0100, Ferenc Kovacs wrote:
you can get pwn3d with magic_quotes_gpc = On
That goes without saying. None the
2010/11/18 Zeev Suraski z...@zend.com:
The voice of reason...
As much as I'd like to see magic quotes burning in hell (had the option to
kill them when they were small, but unfortunately didn't), I'm wondering
whether the people +1'ing are thinking about the potential consequences to
doing
On Thu, 2010-11-18 at 15:40 +0800, Adam Harvey wrote:
Yes, killing magic quotes will likely increase the support workload
for a time,
I don't think it would increase support workload. Most people won't
notice.
What happens is that applications which are _a bit_ secure now will
continue to run
...@schlueters.de]
Sent: 18 November 2010 09:51
To: Adam Harvey
Cc: Zeev Suraski; Larry Garfield; internals@lists.php.net
Subject: Re: [PHP-DEV] Magic quotes in trunk
On Thu, 2010-11-18 at 15:40 +0800, Adam Harvey wrote:
Yes, killing magic quotes will likely increase the support workload
On 17 November 2010 16:08, Kalle Sommer Nielsen ka...@php.net wrote:
Greetings
I wanted to raise this topic before we go Alpha with trunk, regarding
our beloved magic_quotes feature. There seems to be mixed opinions
regarding it so I thought I would take it up for discussion.
We have
On Thu, 2010-11-18 at 10:05 +, James Butler wrote:
Are the £1 hosting companies going to be using 5.4+ any time soon? I'm
still coming across hosts who still transition 4.X - 5.1/2.
I think these slow moving hosts are going to form a natural time delay
between any changes now and these
+1 for removal.
The issue is that those ho still use the soft witch relies on
magic_quotes are usually kind of people witch are just buying the
Indian code stuff and running it (and it has tons of exploits on it's
own - even with magic_quotes). No, really, I haven't seen the
magic_quotes stuff in
Hi
2010/11/18 Arvids Godjuks arvids.godj...@gmail.com:
There always will be people, who will whine about magic_quotes being
gone. Same as register_globals. BTW, will the register_globals will be
finally dropped too? ;)
I dropped a bunch of legacy features together with Pierrick during
this
On Nov 18, 2010, at 12:12 PM, Johannes Schlüter wrote:
Yes. We have to get rid of them! I was +1 for the old PHP 6 as that
breaks so much stuff that it is nowhere a drop in replacement. And as
such I'm happy to drop it in any release breaking lots of applications.
I'm not happy about dropping
2010/11/18 Johannes Schlüter johan...@schlueters.de:
One way might be dropping the old mysql extension. Then everybody has
to learn something else and while learning about that /might/ be reached
with further education.
As Jani noted, I think its a step in the right direction to also move
that
2010/11/17 Kalle Sommer Nielsen ka...@php.net:
Greetings
I wanted to raise this topic before we go Alpha with trunk, regarding
our beloved magic_quotes feature. There seems to be mixed opinions
regarding it so I thought I would take it up for discussion.
We have advised people not to use
On Thu, Nov 18, 2010 at 11:41 AM, Patrick ALLAERT patrickalla...@php.netwrote:
2010/11/17 Kalle Sommer Nielsen ka...@php.net:
Greetings
I wanted to raise this topic before we go Alpha with trunk, regarding
our beloved magic_quotes feature. There seems to be mixed opinions
regarding it
On Nov 18, 2010, at 12:41 PM, Patrick ALLAERT wrote:
Disabling it by default is the first mandatory step, [done] in PHP
5.3, magic_quotes_gpc has been turned off by default at the same time
as providing a -development and -production version of the php.ini
file.
AFAICT magic_quotes_gpc is
Of
Patrick ALLAERT
Sent: 18 November 2010 10:41
To: Kalle Sommer Nielsen
Cc: Internals
Subject: Re: [PHP-DEV] Magic quotes in trunk
2010/11/17 Kalle Sommer Nielsen ka...@php.net:
Greetings
I wanted to raise this topic before we go Alpha with trunk, regarding
our beloved magic_quotes feature
2010/11/18 Ferenc Kovacs i...@tyrael.hu:
by your logic, the same goes for register_globals and for the other
deprecated stuff, that we wanted to remove with the next major version.
maybe we should look this the other way around: if we agree that this things
have to go, and the only thing which
2010/11/18 Ferenc Kovacs i...@tyrael.hu:
by your logic, the same goes for register_globals and for the other
deprecated stuff, that we wanted to remove with the next major version.
maybe we should look this the other way around: if we agree that this things
have to go, and the only thing which
2010/11/18 Jani Taskinen jani.taski...@iki.fi:
On Nov 18, 2010, at 12:41 PM, Patrick ALLAERT wrote:
Disabling it by default is the first mandatory step, [done] in PHP
5.3, magic_quotes_gpc has been turned off by default at the same time
as providing a -development and -production version of
On Wed, Nov 17, 2010 at 11:40:37PM -0600, Larry Garfield wrote:
I won't miss magic quotes if they're removed, but I can see the argument for
saying not quite yet. Off-by-default is absolutely necessary if they're
kept. (Dear god, you mean they aren't off by default already?)
When opening
Hi,
On Thu, 2010-11-18 at 11:20 -0500, Daniel Convissor wrote:
Disabling magic quotes by default leads to the same confusion and security
issues as removing them completely.
ACK
But, we can remove magic quotes
completely if we add a fail safe mechanism. Here are two potential
On 11/18/10 8:25 AM, Johannes Schlüter wrote:
Hi,
On Thu, 2010-11-18 at 11:20 -0500, Daniel Convissor wrote:
Disabling magic quotes by default leads to the same confusion and security
issues as removing them completely.
ACK
But, we can remove magic quotes
completely if we add a
As I remember correctly - taint's are designed to be used while developing.
They can be used in production (and 4-5% performance hit for the
security isn't much until you run something really big), but mostly
people will test it out on dev and deploy on production without
taints.
Still, I'd like
On Thu, 2010-11-18 at 18:34 +0200, Arvids Godjuks wrote:
As I remember correctly - taint's are designed to be used while developing.
They can be used in production (and 4-5% performance hit for the
security isn't much until you run something really big), but mostly
people will test it out on
+1 Disabling magic quotes (off by default) and removing them in the next
major release.
Adam
--
Nephtali: PHP web framework that functions beautifully
http://nephtaliproject.com
On November-17-10 11:09 AM Kalle Sommer Nielsen wrote:
Greetings
I wanted to raise this topic before we go Alpha with trunk, regarding
our beloved magic_quotes feature. There seems to be mixed opinions
regarding it so I thought I would take it up for discussion.
We have advised people
On Wed, Nov 17, 2010 at 5:08 PM, Kalle Sommer Nielsen ka...@php.net wrote:
Greetings
I wanted to raise this topic before we go Alpha with trunk, regarding
our beloved magic_quotes feature. There seems to be mixed opinions
regarding it so I thought I would take it up for discussion.
We have
+1 for removing it in trunk
Pierrick
On 17 November 2010 11:08, Kalle Sommer Nielsen ka...@php.net wrote:
Greetings
I wanted to raise this topic before we go Alpha with trunk, regarding
our beloved magic_quotes feature. There seems to be mixed opinions
regarding it so I thought I would
Yeah,
+1 for remove!
-
Uwe Schindler
theta...@php.net - http://www.php.net
NSAPI SAPI developer
Bremen, Germany
-Original Message-
From: kalle@gmail.com [mailto:kalle@gmail.com] On Behalf Of Kalle
Sommer Nielsen
Sent: Wednesday, November 17, 2010 5:09 PM
To: Internals
My opinion is to remove them completely.
Big +1 from me. It is time for the feature to go.
Olivier (iPhone)
Le 2010-11-17 à 11:08, Kalle Sommer Nielsen ka...@php.net a écrit :
Greetings
My personal vote here goes towards removing them entirely.
What are your inputs on this matter?
--
+1 for removal,
magic quotes stopped being a 'good' thing to do back when I first learnt what
echo did.
Web hosts etc have plenty of version numbers to catch up on/upgrade too before
they get to this being a problem.
(well most anyway)
-Original Message-
From: ka...@php.net
On 18 November 2010 00:08, Kalle Sommer Nielsen ka...@php.net wrote:
What are your inputs on this matter?
+1 for removing magic quotes completely from trunk. Kill it with fire.
Adam
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
+1 for removal
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
+1 for removal
On Wed, Nov 17, 2010 at 10:50 PM, Stanley Sufficool ssuffic...@gmail.comwrote:
+1 for removal
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
On 11/17/2010 8:46 PM, Adam Harvey wrote:
On 18 November 2010 00:08, Kalle Sommer Nielsenka...@php.net wrote:
What are your inputs on this matter?
+1 for removing magic quotes completely from trunk. Kill it with fire.
Adam
+infinity. Burn baby burn. (Hudson Ford reference
What are your inputs on this matter?
I'm struggling with this topic. We must do something, but it's important to
understand that plenty of people unknowingly rely upon this security feature
that's still enabled by default. Granted 5.3 does generate E_DEPRECATED errors
when magical quotes are
On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote:
What are your inputs on this matter?
I'm struggling with this topic. We must do something, but it's important to
understand that plenty of people unknowingly rely upon this security
feature that's still enabled by default.
On Nov 17, 2010, at 9:40 PM, Larry Garfield wrote:
On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote:
What are your inputs on this matter?
I'm struggling with this topic. We must do something, but it's important to
understand that plenty of people unknowingly rely upon this
-Original Message-
From: Larry Garfield [mailto:la...@garfieldtech.com]
Sent: Thursday, November 18, 2010 7:41 AM
To: internals@lists.php.net
Subject: Re: [PHP-DEV] Magic quotes in trunk
On Wednesday, November 17, 2010 11:19:05 pm Philip Olson wrote:
What are your inputs
On 18 November 2010 15:22, Zeev Suraski z...@zend.com wrote:
As much as I'd like to see magic quotes burning in hell (had the option to
kill them when they were small, but unfortunately didn't), I'm wondering
whether the people +1'ing are thinking about the potential consequences to
doing
45 matches
Mail list logo