> Maybe we > should also point in the installation documentation to > http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors > which clearly states that display_errors should be disabled in > production systems good idea. I think we have a page with recommended PHP settings? > It would be a start and definitely eliminate the current problem, > however I have the impression that this problem also concerns some > plugins from looking at the output of a quick search in the plugins I > have installed here so just having a list of the parameters used in > core code doesn't solve the whole problem. Aye, but 3rd party plugins are always a problem we can't solve. > I don't know if it is really better, but we could introduce some > wrapper around _POST, _REQUEST, _GET etc. which takes as arguments the > name of the parameter, the method (get, post, any) and the expected > type, i.e. string, array, string_array (for an array of strings) and > mixed for cases when the check is done by the caller Actually I was thinking exactly the same, but wasn't sure if we want that. Now that you're suggesting it as well, I guess I go ahead and add it... So you might want to wait a couple of minutes until starting on the list. Andi -- splitbrain.org -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist