The following lines were added (+) and removed (-):
In PHP 5.4 and higher the short_open_tag=on directive applies to all short tags except <?= - the echo tag. Since PHP 5.4 and higher the short echo tag <?= is always available and not affected by the short_open_tag ini directive. In PHP 5.4 and higher the short_open_tag=on directive applies to all short tags except <?= - the echo tag. Since PHP 5.4 and higher the short echo tag <?= is always available and not affected by the short_open_tag ini directive. There is talk that short_open_tag and asp style tags will be DISABLED in PHP 6. Possible security risk? Byte-shifted code injection, see: https://nealpoole.com/blog/2010/07/php-security-tip-beware-the-opening-tags/ Conclusion: Enabling short_open_tag does not necessarily mean that you will open a security hole. It is just that it may cause confusion for the parser when dealing with XML, and, you are using a coding practice long since discouraged and perhaps will someday soon no longer be supported. What is worse than than the short open tag is the HTML style legacy tag. <nowiki>PHP <script> Tags</nowiki> - All PHP installations will parse PHP code written with the old HTML style PHP script tags.