[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Should easter eggs be disabled in Debian's php packages?

PHP includes an easter egg. On any PHP page, one can add any of these after the .php part of the path in order to display special results:





They appear innocuous for browser use, doing things such as displaying the credits for PHP or a few static bitmaps. However if some web application consumes output from an API that's implemented in PHP, and if that application can be compelled to include these magic query arguments, these responses might produce undefined behavior.

Would it make sense to disable any easter eggs in the Debian PHP packages, or am I being a touch too paranoid and boring?

Reply to: