php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #15497 New Security Features
Submitted: 2002-02-11 01:56 UTC Modified: 2002-02-11 02:51 UTC
From: v dot puttrich at digitalliquid dot de Assigned:
Status: Closed Package: Feature/Change Request
PHP Version: 4.1.1 OS: Any
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: v dot puttrich at digitalliquid dot de
New email:
PHP Version: OS:

 

 [2002-02-11 01:56 UTC] v dot puttrich at digitalliquid dot de 
Hi,

since 4.1.0 you announced the new security feature for passing variables to a script. You said the new feature will be optional for a limited time only, then you will make the new feature the default for handling passed variables. The old, unsecure handling, will not be possible then. 
If that is true, me, and many other PHP-Developers, will have major problems. I have hundreds of scripts to change. It would take ages to change them to work on the new PHP. It would not be a problem if all the providers keep an old version of PHP. But the truth is, they frequently make updates of PHP.

I would really recommend you to leave the new security feature optional!

My main provider informed me to apply appropriate changes to my scripts as soon as possible. So this note was written with some kind of panic in my eyes ;)

Thanx for reading this...

Volker Puttrich
Director for Webdevelopment
DigialLiquid
New Media Network

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-11 02:51 UTC] mfischer@php.net 
No you got it wrong. The new 'way' of accessing variables coming from the 'outer' scope is recommended.

This does NOT mean they old way will be deprecated! I think Rasmus would kick everyones asses if this would be changed.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Mon Aug 18 09:00:02 2025 UTC