PHP 'magic_quotes_gpc' Directive Security Bypass Weakness

while I agree that a feature not working as intended is a bad thing, magic_quotes_gpc also is a very, very bad idea, is deprecated for years and is going to be gone from PHP 5.4.

Also, it never worked right ever since PHP supported more than just MySQL and mSQL (and even for these databases it doesn't work any more, especially since the advent of Unicode)

In fact, it works so badly that projects usually go out of their way to turn this mis-feature off or work around it before even looking at input data.

As such, I really think this is not newsworthy enough because applications still relying on this mis-feature already have different issues anyways (and are likely not running on hosts that can/want to update PHP)