Simetrical wrote:
On Sun, Jun 15, 2008 at 12:55 PM, Tim Starling tstarling@wikimedia.org wrote:
If it works perfectly well, then why were there so many vulnerable files?
Well, there aren't in core, as you said, where autoloading is used. So it seems to be a perfectly acceptable substitute to using .inc files.
Well, I said, autoloading was *part* of the reason why the core was free of vulnerabilities. The other part is that it's heavily reviewed. There were register_globals vulnerabilities in the core in the past, even after migration to autoloading, but they were found and removed.
-- Tim Starling