On Monday 10 September 2007 02:43:52 pm Pierre wrote:On 9/10/07, Lester Caine wrote:
PLEASE can we have an assessment of how this new list of features will
affect users porting from PHP4 rather than simply assuming that this is
just a simple 'upgrade' from PHP5.2.X.
As discussion has already been shouted down on the vote list ... we have
to get people to convert *TO* PHP5 before PHP6 becomes practical. Lets
not create yet another roadblock in that path :(
If you fear a magic_quotes GPC and register globals removal, you can
sleep quiet. It is not going to happen. I wonder why it is the poll as
it can't be made in 5.3, in no way, even if we all dream about that :)
Removing register_globals can be worked around using a one line patch (->
import_request_vars) so the break would be minimal but I don't think we win
that much from removing that setting
Removing magic_quotes has an easy fix, too but there I see more problems:
Quite many people have the default value "On" and their applications
therefore are, by accident, a bit more secure (no, they won't be safe, I
know) removing , magic_quotes without flooding people without that
information would create many holes without people realizing. Therefore such
a change can imo only be done in a major version change like 5 -> 6 where
people expect more stuff to break.
As a sidenote:
Maybe interesting for this discussion: I have some statstics about such
settings on hosts running some average PHP application (phpMyFAQ). These
information is collected from the application's installer and can then be
reported to the phpMyFAQ developers. The relevant information here is this
chart showing the percentage of systems using the mentioned settings by PHP
version:
http://phpmyfaq.de/stats/svg/settings_20070910160921.pngOf course that's no complete picture of the situation but some indication that
r_g isn't used that much anymore but magic_quotes is. (Please keep in mind
that theses stats are counting only people who agreed sending the
information, it also includes people using test systems and you can
absolutely forget the 4.3 information -> by far not enough hosts using
phMyFAQ using that version)
My personal conclusion: Removing these doesn't really bring benefits for us
but might make problems for users since they don't expect such changes
(especially magic_quotes...as sad as it is...) in a minor release.
johannes
