Opened 18 years ago
Closed 14 years ago
#3093 closed defect (bug) (invalid)
WP should revert anything done by filter in newer PHP versions.
Reported by: | masquerade | Owned by: | markjaquith |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Administration | Keywords: | 2nd-opinion |
Focuses: | Cc: |
Description
Just as we do with magic_quotes, we should check the default filter for the new filter extension that is enabled by default in PHP 5.2. The default filter is unsafe_raw, but hosts will quickly change it when they see "unsafe_raw" as a setting.
Change History (14)
#3
@
17 years ago
Should work for now, although I wouldn't guarantee its future compatibility. There's been a whisper of talk of removing the superglobals altogether. No more GET POST SESSION COOKIE SERVER. This should work for now, though, and likely for another year or so to come.
#5
@
17 years ago
I doubt the legitimately, of the removal of Superglobals.
If you are going to check for filter extension, why not just use the functions instead, if they exist? It is a great extension and would be great usage for replacing the current filters in WordPress.
#7
@
16 years ago
- Milestone changed from 2.5 to 2.6
Moving to 2.6
2.5 Feature Frozen.
This will need lots of testing.
#8
@
16 years ago
I propose a new WordPress filter library, which uses and standardizes the current filter code and tries to use the Filter extension if available, and falls back to PHP implementation if Filter library is not available.
#9
@
16 years ago
I'll probably do this sometime in the Fall if no one else steps up and fixes this issue.
#10
@
15 years ago
trouble with a filter library meant to replace that of php is, if php doesn't fix a security hole in their own library (as happens on occasion) or if hosts don't upgrade php (as happens very frequently), then you leave security holes behind that you cannot easily fix.
Serendipity has this code to deal with ext/filter:
It is BSD licensed (the 3-clause GPL-compatible version), so that snippet would have to include this line:
I think the first block is for CVS versions of PHP... so we might be able to yank that and just use the second block which appears to be based on the final version.
Masquerade, you keep pretty close tabs on cutting edge PHP development... how does the above look to you?