import_request_variables(): When will PHP stop being insecure by design?

Re Bugtraq post PHP import_request_variables() arbitrary variable overwrite. This sort of thing really brings it home how the PHP core team still don’t seem to really understand security… or would rather sacrifice it in the name of backwards, very backwards, compatibility. If you’re going to provide a function like import_request_variables() to replace the blatantly-unsafe register_globals, […]