Zhang Huangbin, > Will this replacement (untaint($opt)) the default one in next release? No, too dangerous. > Or we have to modify it manually every time? If you dare and know your mangling program very vweel. One may end up with a site password file in a disclaimer, if not very careful. Mark