Simetrical wrote:
On Sun, Jun 15, 2008 at 12:55 PM, Tim Starling
<tstarling(a)wikimedia.org> wrote:
If it works perfectly well, then why were there
so many vulnerable files?
Well, there aren't in core, as you said, where autoloading is used.
So it seems to be a perfectly acceptable substitute to using .inc
files.
Well, I said, autoloading was *part* of the reason why the core was free
of vulnerabilities. The other part is that it's heavily reviewed. There
were register_globals vulnerabilities in the core in the past, even after
migration to autoloading, but they were found and removed.
-- Tim Starling