I think the argument about crashing php because it used recursive function is a total crap.
There was a 'security fix' recently (the max_input_nesting_level INI setting) to fix exactly that, and no Ilia was not the one who reported it nor fixed it:
 Added "max_input_nesting_level" php.ini option to limit
 nesting level of input variables. Fix for MOPB-03-2007. (Stas).

And the code on the slide is worse AFAICT, it doesn't deal with arrays nor $_REQUEST at all, so AFAICT it introduces security issues, not fixes them.


Ilia: please have a look at the example and clarify if needed..

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.