On Thu, 9 Feb 2006, Thomas -Balu- Walter wrote:
On Wed, Feb 08, 2006 at 03:35:35PM +0100, Florian Sperber wrote:
if rc detects magic_quotes_gpc=on always do the workaround and display always a warning but with a hint, where to deactivate this warning. This way we spread the information about the magic_quotes problem and reduce support questions.
Problem is that many scripts rely on magic_quotes_gpc=on. Even most PHP sites say that magic_quotes is a very important setting, because it helps avoiding security problems in scripts (which is totally wrong :-/).
If you tell people to switch that off, they might get problems with other scripts.
They can always have diferent settings for diferent directory definitions in the web server.
As I said before, magic_quotes is a very bad thing, and security must come from the programmer, not an automatic quoter.
-- 10:20:01 up 17 days, 16:05, 1 user, load average: 0.02, 0.02, 0.00
Lic. Martín Marqués | SELECT 'mmarques' || Centro de Telemática | '@' || 'unl.edu.ar'; Universidad Nacional | DBA, Programador, del Litoral | Administrador