

PHP 'magic_quotes_gpc' Directive Security Bypass Weakness - hm2k
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0831

======
pilif
While I agree that a feature not working as intended is a bad thing,
magic_quotes_gpc also is a very, very bad idea, has been deprecated for years and is
going to be gone from PHP 5.4.

Also, it never worked right ever since PHP supported more than just MySQL and
mSQL (and even for these databases it doesn't work any more, especially since
the advent of Unicode).

In fact, it works so badly that projects usually go out of their way to turn
this mis-feature off or work around it before even looking at input data.

As such, I really think this is not newsworthy enough because applications
still relying on this mis-feature already have different issues anyways (and
are likely not running on hosts that can/want to update PHP).
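
Added example, not part of the comment above or of PHP itself: a Python emulation of the addslashes-style escaping that magic_quotes_gpc applied, run against SQLite, where backslash is not an escape character and quotes are escaped by doubling. The helper names and the two sample values are constructed for illustration.

```python
import sqlite3

def magic_quotes(value):
    """Emulate magic_quotes_gpc: prefix ' " \\ with a backslash, NUL becomes \\0."""
    out = []
    for ch in value:
        if ch == "\0":
            out.append("\\0")
        elif ch in "'\"\\":
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def new_db():
    # In-memory database so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t (v TEXT)")
    return conn

def last_value(conn):
    return conn.execute("SELECT v FROM t ORDER BY rowid DESC LIMIT 1").fetchone()[0]

def store_concat(conn, raw):
    """Legacy pattern: trust the auto-escaped input and splice it into the SQL text."""
    sql = "INSERT INTO t (v) VALUES ('" + magic_quotes(raw) + "')"
    try:
        conn.execute(sql)
    except sqlite3.Error as exc:
        # The backslash did not escape the quote, so the statement no longer parses.
        return "error: " + type(exc).__name__
    return last_value(conn)

def store_bound(conn, raw):
    """Corrected pattern: raw input passed as a bound parameter, no escaping layer."""
    conn.execute("INSERT INTO t (v) VALUES (?)", (raw,))
    return last_value(conn)

if __name__ == "__main__":
    # Constructed sample inputs: an apostrophe and a backslash.
    for sample in ["O'Brien", "C:\\temp"]:
        db = new_db()
        print(repr(sample), "concat:", repr(store_concat(db, sample)),
              "bound:", repr(store_bound(db, sample)))
```

The apostrophe case fails to parse and the backslash case is stored with a doubled backslash, while the bound-parameter path stores both values unchanged.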

