At least they are consistent

Posted May 4, 2012 1:03 UTC (Fri) by jmayer (guest, #595)
Parent article: An important PHP security update

The people who brought you this beautiful feature also brought you this. Referenced here, which in turn was referenced on lwn.

At least they are consistent

Posted May 4, 2012 17:59 UTC (Fri) by drag (guest, #31333) [Link]

What's more is that they actually had code in place to properly protect against this sort of attack in 2004, but removed it.

A developer realized that the protection against this sort of attack was interfering with some of the regression tests so he deleted it. Nobody replied to his email explaining why the code check was needed.

Really bizarre stuff.