29 Jan
2006
29 Jan
'06
11:11 p.m.
Karoly Negyesi wrote:
On Sun, 29 Jan 2006 21:32:46 +0100, Raven Brooks <raven.brooks@buyblue.org> wrote:
Why is the existing option to disable this or limit it to certain roles not sufficient?
Because it takes exactly one badly written module to unleash hell. Yes, it happened in the past.
Removing this filter is not going to fix *that* problem. Without the PHP filter, I can still write a completely broken module that will unleash hell. This is a good reason for having a quality module evaluation scheme. Don't use modules that are poorly written if you want security. ..chrisxj