PHP 5.3.0 marks magic_quotes_gpc as deprecated: http://php.net/manual/en/security.magicquotes.php So, in my opinnion, default php.ini should not be emerged with that feature enabled, since default php packages (the one that you manually build) doesnt have it enabled. Reproducible: Always Steps to Reproduce: 1.emerge php 2. check the php.ini file Actual Results: It should be turned Off? Expected Results: Feature disabled
Note that PHP ships with two php.ini files, one for development and one for production. The one we use currently is the one for production. I can for certain say that we do not actively enable magic_quotes, but the production version of the php.ini file probably should have that feature enabled by default in order to avoid breakage on production servers. There is a general conflict of interests between people using PHP on Gentoo for development (who want all the old, broken and deprecated stuff off) and for production use (who want all kind of output logging off, but short_open_tags etc on). Personally I feel that stuff like magic quotes should be gone, but others might disagree. At some point, the PHP team need to come up with what kind of PHP usage we want to support out of the box.
Are you sure that the enabled magic_quotes is not some leftover of an unmerged config file? I can find no signs of our PHP ebuilds ever setting this param.
I've never modify that in my php.ini, also, a friend of mine installed Gentoo from scratch, using handbook and emerge php, and he also have it enabled. He did the install a few days ago and never updated the php package because it was a 1-time emerge. (PHP 5.3.x)
