The following lines were added (+) and removed (-):
In PHP 5.4 and higher the short_open_tag=on directive applies to all short tags except <?= - the echo tag. Since PHP 5.4 and higher the short echo tag <?= is always available and not affected by the short_open_tag ini directive. In PHP 5.4 and higher the short_open_tag=on directive applies to all short tags except <?= - the echo tag. Since PHP 5.4 and higher the short echo tag <?= is always available and not affected by the short_open_tag ini directive. There is talk that short_open_tag and asp style tags will be DISABLED in PHP 6. Possible security risk? Byte-shifted code injectionPossible security risk? Byte-shifted code injection, see: https://nealpoole.com/blog/2010/07/php-security-tip-beware-the-opening-tags/see: https://nealpoole.com/blog/2010/07/php-security-tip-beware-the-opening-tags/Conclusion: Enabling short_open_tag does not necessarily mean that you will open a security hole. It is just that it may cause confusion for the parser when dealing with XML, and, you are using a coding practice long since discouraged and perhaps will someday soon no longer be supported.<nowiki>PHP <script> Tags</nowiki> - All PHP installations will parse PHP code written with the old HTML style PHP script tags. What is worse than than the short open tag is the HTML style legacy tag. <nowiki>PHP <script> Tags</nowiki> - All PHP installations will parse PHP code written with the old HTML style PHP script tags.