Pierre-Alain Joye picked this one up last week, and it needs repeating. For PHP6 the following are already gone from CVS: Register globals, Magic quotes, Safe mode.

As blogged a while back, you'll find these changes discussed here. Nice use of carrot and stick in fact - for the pain on fixing your apps to run under PHP6, you get Unicode.

The other feature he's noticed pertains to the php.ini settings file that PHP uses:

Just noticed a new ini setting here: "allow_url_include - PHP_INI_SYSTEM Available since PHP 6.0.0." Excellent! That eliminates another major source of exploits (perhaps the biggest) have moaned about that before here and here.]]> Mon, 13 Mar 2006 07:31:38 -0600