Marc Easen | 9 Feb 22:36

[PHP-DEV] Bug #61033 __FUNCTION__ doesn't report correctly in alias trait methods

Hello everyone,

I've recently come across an odd situation where __FUNCTION__ can
produce misleading results when using traits with aliased methods, see
https://bugs.php.net/bug.php?id=61033.
This has been closed and I've been asked to start a discussion on here if I
disagree with the ruling. The reason why I feel this should be changed
to reflect the actual called function name is that one of the main uses of
the __FUNCTION__ constant is to refer back to the function that is
currently running, for use in recursive functions:

trait FooTrait {
     public function foo($n) {
         if ($n == 0) return;
         echo $n . PHP_EOL;
         $function = __FUNCTION__;
         $this->$function(--$n);
     }
}

class MyClass {
     use FooTrait { foo as public countdown; }
     public function foo() {
         echo 'MyClass::foo()';
     }
}

$instance = new MyClass();
$instance->countdown(3);

Ondřej Surý | 9 Feb 00:35

[PHP-DEV] Security risk how to use find recommended in php.ini-*

This is very wrong to recommend:

; NOTE: If you are using the subdirectory option for storing session files
[...]
;          find /path/to/sessions -cmin +24 | xargs rm

because it is prone to '\n' attack. You can see the security
considerations of GNU find.

Much better would be:

find /path/to/sessions -cmin +24 -delete
or at least
find /path/to/sessions -cmin +24 -execdir rm "{}" \; (GNU find)

The most error-prone way is something we cooked up in Debian:

find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f
-ignore_readdir_race -cmin +24 ! -execdir fuser -s {} 2>/dev/null \;
-delete

which depends on fuser at least version 22.15 (which has removed
fork() call which was able to swamp up whole system with zombies).

The fuser call checks if the session file is still in use, because the
script was deleting still active sessions opened 24+ mins ago.

O.
-- 
Ondřej Surý <ondrej <at> sury.org>
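
The difference between the pipeline form and the -delete form discussed in the message above, as an added example that is not part of the original post. The scratch directory, file names and function names are constructed for the demonstration, and the -cmin +24 age test is left out.

```shell
#!/bin/sh
# Added demo on constructed data: how the two cleanup forms treat a session
# file whose name contains a newline. The -cmin +24 test from the post is
# omitted because a freshly created scratch file cannot be 24 minutes old.

# Scratch directory with one ordinary file and one newline-named file.
make_sessions() {
    dir=$(mktemp -d) || return 1
    : > "$dir/sess_plain"
    : > "$dir/$(printf 'sess_odd\nname')"   # constructed file name
    printf '%s\n' "$dir"
}

# Count regular files without parsing file names (one "x" per file).
count_files() {
    find "$1" -type f -exec printf x \; | wc -c | tr -d ' '
}

# How many arguments xargs builds from find's newline-delimited output.
args_seen_by_xargs() {
    find "$1" -type f | xargs sh -c 'echo $#' sh
}

# The php.ini-* form. Run from inside the scratch directory so that the
# stray fragment "name" can only ever resolve inside it.
cleanup_with_xargs() {
    (cd "$1" && find . -type f | xargs rm) 2>/dev/null || true
}

# The form proposed in the post: find unlinks each entry itself.
cleanup_with_delete() {
    find "$1" -type f -delete
}

d=$(make_sessions)
echo "files present:          $(count_files "$d")"
echo "arguments xargs builds: $(args_seen_by_xargs "$d")"
cleanup_with_xargs "$d"
echo "left after | xargs rm:  $(count_files "$d")"
cleanup_with_delete "$d"
echo "left after -delete:     $(count_files "$d")"
rm -rf "$d"
```

Two files become three arguments in the pipeline, so the newline-named file is never removed and rm is handed names that find never matched; with -delete no file name is re-parsed at all.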

Laruence | 8 Feb 15:23

[PHP-DEV] Is it possible to create a php-general.zh maillist?

Rasmus:

     there are more and more PHP developers in China, and we all
speak Chinese,

     so could we create a maillist for Chinese (php-general.zh), there
are already general.es and bg.

     if yes, I will volunteer to spread it, and also I will spend a
lot of time to answer the questions in that maillist.

thanks very much.

-- 
Laruence  Xinchen Hui
http://www.laruence.com/

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Rasmus Lerdorf | 6 Feb 18:55

[PHP-DEV] latest libpcre breaks the build

Heads up RMs. We need to apply the patch attached to this bug:

https://bugs.php.net/bug.php?id=60986&edit=1

to 5.3/5.4/trunk. We switched to pcre_fullinfo() in most places already,
but there is that one spot left. It is essentially a one-liner and it
doesn't change any functionality since pcre_fullinfo() does exactly the
same thing as pcre_info() when called with NULL,NULL,NULL.
I have tested the patch and no tests are broken by it.

-Rasmus


Stefan Esser | 6 Feb 17:44

Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

Hi,

considering that I am the antichrist and eat little children it maybe is better to quote Lord Voldemort
instead of Harry Potter.
"Don't you turn your back on me Harry Potter, I want you to look at me when I kill you, I want to see the light
leave your eyes"

Back to serious.

it is nice Reindl that you defend me, but you will not convince people like MM.
And you don't have to. Suhosin is not a religion or a Harry Potter movie. If he does not trust me, then he is free
to not use it.

No one forces anyone to do anything. At least not from my side.
Beside the fact that Suhosin is open source and he can audit it himself, or is he not qualified to do it?

I explained on Twitter that I would be pretty stupid to try to hide security bugs, because there are enough
people out there that would see this and use it to clown me.

Regards,
Stefan

Am 06.02.2012 um 17:22 schrieb Reindl Harald:

> 
> 
> Am 06.02.2012 17:10, schrieb Michael Morris:
>> 
>> 
>> On Mon, Feb 6, 2012 at 10:32 AM, Reindl Harald <h.reindl <at> thelounge.net

Reindl Harald | 6 Feb 17:22

Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds


Am 06.02.2012 17:10, schrieb Michael Morris:
> 
> 
> On Mon, Feb 6, 2012 at 10:32 AM, Reindl Harald <h.reindl <at> thelounge.net> wrote:
> 
>     first: do not top-post if you get a reply below
> 
>     second:
>     in the context of suhosin "when mistakes get made by such a person,
>     they are hidden away rather than honestly reported" is bullshit
>     at its best
> 
>     * look at the disclosure below
>     * look at the author
>     * look at the way it was made
> 
>     if only 10% of developers would work like Stefan most software
>     out there would be much better as it is and was all the last years
>     and if someone has this attitude and knowledge I see no single
>     problem and understand fully that he is frustrated
>     _______________
> 
>     Author: Stefan Esser [stefan.esser[at]sektioneins.de]
> 
>     Disclosure Timeline:
>      12. January 2012 - Vulnerability was found during an internal audit
>      14. January 2012 - Vulnerability was fixed in the source code
>      19. January 2012 - Public Disclosure

Sebastian Bergmann | 5 Feb 20:53

[PHP-DEV] Static Analysis of PHP_5_4 with CLANG

 http://clang-php54.phpunit.de/ might be of interest to some.
 http://bit.ly/u06eCD has details of how to produce this report.

-- 
Sebastian Bergmann                    Co-Founder and Principal Consultant
http://sebastian-bergmann.de/                           http://thePHP.cc/


Ferenc Kovacs | 5 Feb 17:36

[PHP-DEV] Re: test fixes in 5.4

On Sun, Feb 5, 2012 at 5:23 PM, Rasmus Lerdorf <rasmus <at> lerdorf.com> wrote:

> On 02/05/2012 02:49 AM, Ferenc Kovacs wrote:
> > Hi Rasmus,
> >
> > I see that you are fixing tests in the 5.4 branch, however I was told by
> > Stas that I should hold my test fixes until the release:
> > http://www.mail-archive.com/internals <at> lists.php.net/msg55515.html
> > I would think that fixing failing tests should be ok even this late in
> > the release process.
> > Worst case scenario somebody borks a test or two.
>
> Hrm, I didn't notice that request to hold test fixes as well. I have
> been going through the reported test failures from people sending them
> in from the 5.4 RCs and fixing the obvious ones that I can reproduce
> myself. I don't think fixing test cases is a destabilizing action, even
> if we completely mess up a test, that has already been reported as
> failing by many people, we are no worse off than before.
>
> -Rasmus
>

yeah, same opinion here.
ps: I forgot to cc the list in my first email, I've done it now.

-- 
Ferenc Kovács
@Tyr43l - http://tyrael.hu

Nikita Popov | 5 Feb 15:59

[PHP-DEV] [RFC] Deprecate and remove /e modifier from preg_replace

Hi internals!

I have written an RFC that proposes to *deprecate* and *remove* the /e modifier:

https://wiki.php.net/rfc/remove_preg_replace_eval_modifier

Comments welcome!


Clint M Priest | 4 Feb 22:06

[PHP-DEV] Patch for bug60978

Could someone review and include?

https://bugs.php.net/bug.php?id=60978

-Clint

Lester Caine | 4 Feb 21:26

[PHP-DEV] When is PHP6 Beta going to be available ;)

I'm just looking into my annual dedicated server update since it's the only way 
to get the current contract prices, and I find that ! and 1 are still 
advertising support for PHP6 Beta :) I wonder how many more ISP's are keeping up 
with them ...

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk//
Firebird - http://www.firebirdsql.org/index.php
