Hi Bogdan,
-Original Message-
From: Andone, Bogdan [mailto:bogdan.and...@intel.com]
Sent: Wednesday, July 29, 2015 4:22 PM
To: internals@lists.php.net
Subject: [PHP-DEV] Introduction and some opcache SSE related stuff
Hi Guys,
My name is Bogdan Andone and I work for Intel in
On 30 Jul 2015, at 13:14, Joe Watkins pthre...@pthreads.org wrote:
I find myself agreeing with Pierre; The wrong signal would be sent. History
should teach us there is no such thing as (a) safe mode.
Hi Joe,
Please can you read my proposal (see the email you just replied to, also
Hey:
On Thu, Jul 30, 2015 at 8:24 PM, Joe Watkins pthre...@pthreads.org wrote:
Hi Andone,
I'm not sure why nobody has replied to you yet, we've all looked at the
PR and spent a lot of the day yesterday discussing it.
I've CC'd Dmitry, he doesn't always read internals, so this
On 7/29/15 6:01 PM, Stanislav Malyshev wrote:
Hi!
Currently, PHP by default is vulnerable to XXE attacks:
https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
To bypass this, you need to turn off external entity loading:
libxml_disable_entity_loader(true);
AFAIR right now,
2015-07-30 14:42 GMT+02:00 Andone, Bogdan bogdan.and...@intel.com:
-Original Message-
From: Niklas Keller [mailto:m...@kelunik.com]
Sent: Thursday, July 30, 2015 1:47 PM
To: Pierre Joye
Cc: lp_benchmark_robot; PHP internals; l...@lists.01.org
Subject: Re: [PHP-DEV] Benchmark
-Original Message-
From: Niklas Keller [mailto:m...@kelunik.com]
Sent: Thursday, July 30, 2015 1:47 PM
To: Pierre Joye
Cc: lp_benchmark_robot; PHP internals; l...@lists.01.org
Subject: Re: [PHP-DEV] Benchmark Results for PHP Master 2015-07-30
2015-07-30 11:57 GMT+02:00 Pierre Joye
I find myself agreeing with Pierre; The wrong signal would be sent. History
should teach us there is no such thing as (a) safe mode.
Xinchen did used to work on a taint extension, I wonder why that was
stopped ?
Worth noticing that the extension is rather complex, touching many parts of
the
Hey:
On Thu, Jul 30, 2015 at 8:14 PM, Joe Watkins pthre...@pthreads.org wrote:
I find myself agreeing with Pierre; The wrong signal would be sent. History
should teach us there is no such thing as (a) safe mode.
Xinchen did used to work on a taint extension, I wonder why that was
stopped ?
Hi Andone,
I'm not sure why nobody has replied to you yet, we've all looked at the
PR and spent a lot of the day yesterday discussing it.
I've CC'd Dmitry, he doesn't always read internals, so this should get
his attention.
Lastly, very cool ... I look forward to some more
On Thu, 30 Jul 2015, Ferenc Kovacs wrote:
On Sun, Feb 22, 2015 at 11:30 PM, Nikita Popov nikita@gmail.com wrote:
I would like to propose reclassifying our few existing E_STRICT
notices and removing this error category:
https://wiki.php.net/rfc/reclassify_e_strict
As we
On 30 Jul 2015, at 16:24, Scott Arciszewski sc...@paragonie.com wrote:
Just because the solution is known doesn't mean it's known to everyone.
Yes, and if you could just read what I was suggesting, rather than looking at
the subject of this email (and the suggestion by Matt), then you will
Rob Richards wrote on 30/07/2015 14:12:
If you are already working with a trusted document then you should
safely be able to disable the entity loader. If you aren't then
wouldn't you want to do some sort of checking (especially if you don't
have an XML gateway fronting the system) for other
On Thu, Jul 30, 2015 at 11:20 AM, Craig Francis
cr...@craigfrancis.co.uk wrote:
On 30 Jul 2015, at 14:43, Scott Arciszewski sc...@paragonie.com wrote:
This may have been true at one point in time, but my own experience
and the statistics collected by Dan Kaminsky of White Hat Security
Hi Bogdan,
On Wed, Jul 29, 2015 at 5:22 PM, Andone, Bogdan bogdan.and...@intel.com
wrote:
Hi Guys,
My name is Bogdan Andone and I work for Intel in the area of SW
performance analysis and optimizations.
We would like to actively contribute to Zend PHP project and to involve
ourselves in
On 30 Jul 2015, at 16:26, Ronald Chmara rona...@gmail.com wrote:
Perhaps I have missed something in this discussion
I think you have... my email from a couple of weeks ago was ignored... so I
replied to Matt's suggestion (which is similar, but different).
Please, just spend a few minutes
On 30 Jul 2015, at 13:47, Xinchen Hui larue...@php.net wrote:
anyway, with PHP7's new zend_string, and string flags, the
implementation will become easier.
Hi Xinchen,
Glad to hear that you are still looking into this... please let me know if
there is anything I can do to help
On 30 Jul 2015, at 14:43, Scott Arciszewski sc...@paragonie.com wrote:
This may have been true at one point in time, but my own experience
and the statistics collected by Dan Kaminsky of White Hat Security
indicate that Cross-Site Scripting vulnerabilities are much more
prevalent in 2015
Perhaps I have missed something in this discussion where such a change to
PHP does not break every single application that is supposed to pass raw,
user submitted, SQL *without* getting prepared/nerfed, or warned about, by
intentional application design.
If we're just limiting the nerfing for
On Jul 30, 2015 2:27 PM, Niklas Keller m...@kelunik.com wrote:
I prefer Exception, too, because it's I/O related.
@Scott: You can open votes on everything, doesn't matter, just create a
page with a vote.
I just don't know where to put it in the wiki, because it's not an RFC.
Regards, Niklas
Stas,
On Thu, Jul 30, 2015 at 2:57 PM, Stanislav Malyshev smalys...@gmail.com wrote:
Hi!
The problem here is that imagine the following:
I think if we separate the loading the initial file (i.e., starting point
of the XML parser) and the loading the entities from that file (which is
not
On 7/30/15 10:30 AM, Rowan Collins wrote:
Rob Richards wrote on 30/07/2015 14:12:
If you are already working with a trusted document then you should
safely be able to disable the entity loader. If you aren't then
wouldn't you want to do some sort of checking (especially if you don't
have an
On 7/30/15 2:57 PM, Stanislav Malyshev wrote:
Hi!
The problem here is that imagine the following:
I think if we separate the loading the initial file (i.e., starting point
of the XML parser) and the loading the entities from that file (which is
not happening right now) we'd solve many BC
On 30 July 2015 19:25:47 BST, Anthony Ferrara ircmax...@gmail.com wrote:
I thought SOAP was dead already.
Tell that to the Enterprises who drag and drop in Visual Studio to create
useless wrappers around hand-written XML because that's their definition of
web service. :P
I don't fully
On 30 July 2015 21:35:01 BST, Rob Richards rricha...@cdatazone.org wrote:
On 7/30/15 10:30 AM, Rowan Collins wrote:
Rob Richards wrote on 30/07/2015 14:12:
If you are already working with a trusted document then you should
safely be able to disable the entity loader. If you aren't then
On Jul 31, 2015 2:12 AM, Matt Wilmas php_li...@realplain.com wrote:
Hi Dmitry, Bogdan,
- Original Message -
From: Dmitry Stogov
Sent: Thursday, July 30, 2015
Hi Bogdan,
On Wed, Jul 29, 2015 at 5:22 PM, Andone, Bogdan bogdan.and...@intel.com
wrote:
Hi Guys,
My name is Bogdan
On 29/07/15 16:11, Craig Francis wrote:
I completely disagree... prepared statements are just as vulnerable, and so
are ORMs.
You can push developers towards these solutions, and that would be good, but
you are completely blind if you think an uneducated developer won't do:
if
Results for project php-src-nightly, build date 2015-07-30 05:00:00+03:00
commit: ae1a4f47e6bd9f8d1d969e5080dae60136d7444b
revision_date:2015-07-29 21:00:43+02:00
environment: Haswell-EP
cpu: Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2,
LLC 45 MB
On Mon, Jul 27, 2015 at 2:03 PM, Anthony Ferrara ircmax...@gmail.com wrote:
Rowan,
This is certainly some people's concern, but Anatol has raised a subtly
different consistency-related point, which is this:
Since we have no policy for what kinds of Throwable should be emitted in
what
2015-07-30 19:12 GMT+02:00 Scott Arciszewski sc...@paragonie.com:
On Mon, Jul 27, 2015 at 2:03 PM, Anthony Ferrara ircmax...@gmail.com
wrote:
Rowan,
This is certainly some people's concern, but Anatol has raised a subtly
different consistency-related point, which is this:
Since we
Hello :-),
Huge +1 from the [Hoa] community. We have already disabled it by default
since a long time. However, could it introduce potential regressions (BC
breaks)? I guess yes. So I would go for PHP7.0 instead of PHP7.1.
Cheers!
[Hoa]: http://hoa-project.net/
On 29/07/15 22:37, Anthony
Even if some of those people replying haven't read or don't understand what
you are suggesting, it is not a good tactic to assume that and reply with
read the RFC.
There is a good chance the majority of the people replying have read the
RFC, and found reason to be negative, reserved, cautious, or
Anatol Belski wrote:
-Original Message-
From: Pierre Joye [mailto:pierre@gmail.com]
Sent: Wednesday, July 29, 2015 11:01 PM
To: Anthony Ferrara ircmax...@gmail.com
Cc: PHP internals internals@lists.php.net
Subject: Re: [PHP-DEV] Disabling External Entities in libxml By Default
Hello
Disabling this will (at least for me) cause SOAP related stuff to stop
working as it was expected to work before!
<?php
$wsdl = "https://www.some.tld/soap.php?wsdl";
$soap = new SoapServer($wsdl, array());
wsdl:
<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions
On 30/07/2015 11:12 pm, Niklas Keller wrote:
2015-07-30 14:42 GMT+02:00 Andone, Bogdan bogdan.and...@intel.com:
-Original Message-
From: Niklas Keller [mailto:m...@kelunik.com]
Sent: Thursday, July 30, 2015 1:47 PM
To: Pierre Joye
Cc: lp_benchmark_robot; PHP internals;
Hi Dmitry, Bogdan,
- Original Message -
From: Dmitry Stogov
Sent: Thursday, July 30, 2015
Hi Bogdan,
On Wed, Jul 29, 2015 at 5:22 PM, Andone, Bogdan bogdan.and...@intel.com
wrote:
Hi Guys,
My name is Bogdan Andone and I work for Intel in the area of SW
performance analysis and
Hi!
The problem here is that imagine the following:
I think if we separate the loading the initial file (i.e., starting point
of the XML parser) and the loading the entities from that file (which is
not happening right now) we'd solve many BC problems. Not sure about
SOAP, but many others for
2015-07-30 11:57 GMT+02:00 Pierre Joye pierre@gmail.com:
Hi,
Does someone have a contact there?
It would be nicer to have these results combined with what we pushed on
qa.php.net as well.
Cheers,
Pierre
Thought about that as well, results per mail aren't that useful, especially
as
Hi,
Does someone have a contact there?
It would be nicer to have these results combined with what we pushed on
qa.php.net as well.
Cheers,
Pierre
On Jul 30, 2015 3:29 PM, lp_benchmark_robot lp_benchmark_ro...@intel.com
wrote:
Results for project php-src-nightly, build date 2015-07-30
On Sun, Feb 22, 2015 at 11:30 PM, Nikita Popov nikita@gmail.com wrote:
Hi internals!
I would like to propose reclassifying our few existing E_STRICT notices and
removing this error category:
https://wiki.php.net/rfc/reclassify_e_strict
As we don't really have good guidelines on
On Thu, Jul 30, 2015 at 1:25 AM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
Hi all,
On Thu, Jul 30, 2015 at 7:44 AM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
On Thu, Jul 30, 2015 at 1:13 AM, Nikita Popov nikita@gmail.com
wrote:
Instead of continuing to use serialize_precision, which will
On 30 Jul 2015, at 08:24, Lester Caine les...@lsces.co.uk wrote:
But that is a perfect example of what I am talking about. You do not
educate people by publishing the very thing that is wrong. You educate
them by pointing out to them WHY the '?' was there in the first place.
I completely