Re: [PHP-DEV] FFI in PHAR files

On Fri, Sep 8, 2023 at 2:33 PM Vinicius Dias wrote: > I was playing around with some libraries using FFI and I wanted to > share a .phar with the result, but to my surprise, it didn't work. > > Apparently we are not able to load shared libraries using FFI from > within .phar files. > Is that the

Re: [PHP-DEV] Changes to Git commit workflow

On Thu, Apr 1, 2021 at 12:24 PM Sara Golemon wrote: > On Thu, Apr 1, 2021 at 11:19 AM Rowan Tommins > wrote: > > > On 01/04/2021 15:59, Sara Golemon wrote: > > > On Thu, Apr 1, 2021 at 9:21 AM Bishop Bettini > > <mailto:bis...@php.net>> wr

Re: [PHP-DEV] Changes to Git commit workflow

On Thu, Apr 1, 2021 at 11:32 AM Christoph M. Becker wrote: > On 01.04.2021 at 17:09, Kalle Sommer Nielsen wrote: > > > Den tor. 1. apr. 2021 kl. 07.55 skrev Bishop Bettini : > > > >> I've documented why we need signing, and how to set it up: > >> > >

Re: [PHP-DEV] Changes to Git commit workflow

On Thu, Apr 1, 2021 at 9:22 AM Rowan Tommins wrote: > On 01/04/2021 05:54, Bishop Bettini wrote: > > I've documented why we need signing, and how to set it up: > > > > https://wiki.php.net/vcs/commit-signing > > > > Feedback welcomed! > > > This looks gr

Re: [PHP-DEV] Changes to Git commit workflow

On Sun, Mar 28, 2021 at 8:16 PM Sara Golemon wrote: > On Sun, Mar 28, 2021 at 6:57 PM Paul Crovella > wrote: > > > You might consider requiring commits be signed while you're at it. > > > > > I suggested this as well, and even if we don't require it, we should > STRONGLY encourage it. > > I've

Re: [PHP-DEV] phar command

On Mon, Nov 30, 2020 at 10:56 AM Nikita Popov wrote: > > The PHP build system currently produces a "phar" command. See > http://manpages.ubuntu.com/manpages/xenial/en/man1/phar7.0.1.html for a > man > page. > > Apart from changes to keep it working, the last time its implementation was > touched

[PHP-DEV] Re: Including "Disable the ability to use concrete types in PHAR metadata" in PHP 8.0?

this. > (but it seems safe enough for any minor version) > > Various blog posts have been written explaining the resulting > vulnerabilities, > such as > https://www.ixiacom.com/company/blog/exploiting-php-phar-deserialization-vulnerabilities-part-1 > > This change was previous

Re: [PHP-DEV] [VOTE] Compact Object Property Assignment

On Wed, Apr 1, 2020 at 1:07 PM Jakob Givoni wrote: > > It seems to me it's pretty obvious it's not about the syntax anyway - > nothing would please the people who find COPA useless and any syntax > would be great for people who find it useful! > Anything in between just feels like discussing

Re: [PHP-DEV] Require non-absolute trait method references to be unambiguous

On Tue, Mar 3, 2020 at 9:11 AM Nikita Popov wrote: > Currently, when writing something like > > use T1, T2 { > func as renamedFunc; > } > > where both T1::func() and T2::func() exist, we silently allow this and just > assume that it is referring to T1::func(). See

Re: [PHP-DEV] Deprecate ReflectionParameter::isArray() and friends

On Tue, Feb 25, 2020 at 10:33 AM Nikita Popov wrote: > I've put up https://github.com/php/php-src/pull/5209 to deprecate the > following reflection methods: > > * ReflectionParameter::isArray() > * ReflectionParameter::isCallable() > * ReflectionParameter::getClass() > > These APIs have been

Re: [PHP-DEV] Re: Straw poll: Places to allow function calls in constant expressions

On Wed, Feb 19, 2020 at 12:58 PM tyson andre wrote: > Hi internals, > > > I've created a straw poll at > https://wiki.php.net/rfc/calls_in_constant_expressions_poll , to measure > interest in allowing calls in different types of constant expressions. > > If there aren't any problems with the

Re: [PHP-DEV] $_FILES['name'] check

On Wed, Feb 19, 2020 at 10:29 AM Craig Francis wrote: > On Wed, 19 Feb 2020 at 05:23, Bishop Bettini wrote: > >> On Sun, Feb 16, 2020 at 6:24 PM Craig Francis >> wrote: >> >>> Just to check, at the moment, if I was an evil hacker, and was to run: >>&g

Re: [PHP-DEV] $_FILES['name'] check

On Sun, Feb 16, 2020 at 6:24 PM Craig Francis wrote: > Just to check, at the moment, if I was an evil hacker, and was to run: > > curl -F 'file=@example.jpg;filename=../../../example.php' > https://example.com/upload/ > > The $_FILES['file']['name'] would be set to "example.php", where PHP has >

Re: [PHP-DEV] [VOTE] declare(function_and_const_lookup='global')

On Wed, Jan 29, 2020 at 3:12 PM Claude Pache wrote: > > > Le 29 janv. 2020 à 19:42, Bishop Bettini a écrit : > > Cons... have to enumerate everything, potentially lots of work to do that > to update old code to use; edge cases I'm not thinking about. > > > Not onl

Re: [PHP-DEV] [VOTE] declare(function_and_const_lookup='global')

On Wed, Jan 29, 2020 at 5:56 AM Marco Pivetta wrote: > I voted "No" on this one, sorry. > > TL;DR: I'd rather have a mechanism to disable global function fallback, not > something that makes un-imported symbols immediately global. > > The idea to disable PHP's implicit >

Re: [PHP-DEV] How to debug a segmentation fault?

On Tue, Jan 28, 2020 at 11:28 AM Benjamin Morel wrote: > I'm encountering a SIGSEGV in PHP-FPM on PHP 7.4.2 in a Symfony app. The > bug seems to happen during the rendering of a Twig template; this makes it > hard for me to pinpoint the code that triggers the segfault. > > Could you please tell

Re: [PHP-DEV] [VOTE] declare(function_and_const_lookup='global')

On Tue, Jan 28, 2020 at 9:22 PM tyson andre wrote: > > I've opened the vote on https://wiki.php.net/rfc/use_global_elements > after weighing the pros and cons of discussed alternative approaches. > Yesterday, I've finished the last set of updates I announced I would do > based on RFC feedback. >

Re: [PHP-DEV] Properly validate abstract methods in traits

On Thu, Jan 9, 2020 at 10:15 AM Nikita Popov wrote: > Hi internals, > > I've prepared https://github.com/php/php-src/pull/5068 to fix validation > of > abstract methods inside traits for PHP 8. > > To provide some context, the situation is currently pretty weird... when > you add an abstract

Re: [PHP-DEV] XOAUTH2 support in PHP IMAP

On Thu, Dec 26, 2019 at 6:45 AM Nikita Popov wrote: > On Wed, Dec 25, 2019 at 7:11 PM FreeScout wrote: > > > > > Hi Team! > > > > Could you please take a look at > > https://github.com/google/gmail-oauth2-tools/issues/18 > > > > What do you think? Will it be possible to add XOAUTH2 support to

Re: [PHP-DEV] Re: PHP 7.2.24 Released

On Wed, Nov 20, 2019, 11:04 Sara Golemon wrote: > On Wed, Nov 20, 2019 at 9:28 AM Jan Ehrhardt wrote: > > > Remi Collet in php.internals (Thu, 24 Oct 2019 12:58:01 +0200): > > >The PHP development team announces the immediate availability of PHP > > >7.2.24. This is a security release which

Re: [PHP-DEV] Adding explicit intent for SWITCH/CASE fall through?

On Thu, Oct 17, 2019 at 4:54 PM Mike Schinkel wrote: > Before creating an RFC I wanted to get reactions to the idea of adding > FALLTHROUGH option to SWITCH/CASE for when the developer explicitly want > logic to fall through to the next case and does not want to use a BREAK. > > My simples

Re: [PHP-DEV] Shutdown Memory Allowance (aka Soft Memory Limit)

On Tue, Sep 24, 2019 at 5:39 AM Peter Stalman wrote: > On Tue, Sep 24, 2019 at 12:01 AM Bishop Bettini wrote: > > > > On Tue, Sep 24, 2019 at 2:26 AM Peter Stalman > wrote: > >> > >> When PHP runs out of memory, a fatal error is triggered and whateve

Re: [PHP-DEV] Warning for "confusable" types

On Fri, Oct 11, 2019 at 1:47 PM Larry Garfield wrote: > On Fri, Oct 11, 2019, at 8:54 AM, Nikita Popov wrote: > > Hi internals, > > > > Something I've seen play out a couple of times: Newbies try to use > > something like "integer" or "resource" as a type, and then get a > confusing > > error

Re: [PHP-DEV] exit() via exception

On Fri, Oct 11, 2019 at 10:11 AM Nikita Popov wrote: > On Fri, Oct 11, 2019 at 3:47 PM Marcio Almada > wrote: > > > Em sex, 11 de out de 2019 às 08:05, Nikita Popov > > escreveu: > > > > > Currently exit() is implemented using bailout and unclean shutdown, > which > > > means that we're going

Re: [PHP-DEV] Internals "camps"

On Thu, Oct 10, 2019, 13:03 Chase Peeler wrote: > On Thu, Oct 10, 2019 at 12:11 AM Mike Schinkel > wrote: > > > > I'm not sure where's the log jam here? > > > > The issue is not this specific RFC. > > > > As I wrote earlier, there appear to be heated and non-stop debates over > > (at least) BC,

Re: [PHP-DEV] [RFC] Deprecate Backtick Operator (V2)

On Wed, Oct 9, 2019 at 12:19 PM Olumide Samson wrote: > > > On Wed, Oct 9, 2019, 3:41 PM Bishop Bettini wrote: > >> On Mon, Oct 7, 2019 at 5:21 PM Olumide Samson >> wrote: >> >>> On Mon, Oct 7, 2019, 9:20 PM Claude Pache >>> wrote: &g

Re: [PHP-DEV] [RFC] Deprecate Backtick Operator (V2)

On Mon, Oct 7, 2019 at 5:21 PM Olumide Samson wrote: > On Mon, Oct 7, 2019, 9:20 PM Claude Pache wrote: > > > > Le 7 oct. 2019 à 22:06, Olumide Samson a écrit > : > > > > > > What's the goal of PHP? > > > > One important goal is (like many programming languages) to get work done. > > > I

Re: [PHP-DEV] Error when POST / upload limits are exceeded

On Tue, Oct 1, 2019 at 5:39 PM Thomas Hruska wrote: > On 10/1/2019 1:26 PM, Rasmus Lerdorf wrote: > > On Tue, Oct 1, 2019 at 8:25 AM Benjamin Morel > > wrote: > > > >>> Perhaps a more generic $_SERVER['PHP_REQUEST_STATUS'] or something > along > >> those lines where you'd put the error message

Re: [PHP-DEV] Re: [VOTE] Reclassifying engine warnings

On Wed, Oct 2, 2019 at 11:45 AM Sara Golemon wrote: > On Wed, Oct 2, 2019 at 8:24 AM Nikita Popov wrote: > > > * The "Undefined array index" case. This one passed the vote with an > exact > > 2/3 majority, so I'm a bit uncomfortable making changes here. This is > also > > the only case where

Re: [PHP-DEV] Shutdown Memory Allowance (aka Soft Memory Limit)

On Tue, Sep 24, 2019 at 2:26 AM Peter Stalman wrote: > When PHP runs out of memory, a fatal error is triggered and whatever > shutdown > functions or error handlers take over. > > However, in the case of error logging, or just logging in general, there > often > needs to be additional memory

Re: [PHP-DEV] PHP 7 + bcgen extension + PHAR extension

On Wed, Sep 4, 2019 at 8:44 AM Henrik Skov wrote: > I found a port of bcompiler here: > > https://github.com/vjardin/bcgen/ > > which is PHP7 compatible. > > By mailing here, I am trying to reach out to the authors of the PHAR > extension since the author(s) of bcgen have said that they don't

[PHP-DEV] Should changes to EXTENSIONS be with a direct master commit?

I've got the change below staged locally, but as you can see it's direct to master. Since that's an atypical workflow, and a first time for me, I wanted to check before I push. --- BEGIN git log --- commit f94d9dcc102ea5515974b3a721286a6b49840860 (HEAD -> master) Author: Bishop Bettini D

Re: [PHP-DEV] Handling over sized keys on OpenSSL

On Sat, Aug 31, 2019 at 11:34 PM Leo Cavalcante wrote: > ... > Yeah, I was using a 256-bit length key with AES-128-CBC then trying to > decrypt it in another program never works. > > And in fact, its better to throw or even warn/notice about it instead of > silently allowing it, *what you

Re: [PHP-DEV] Build instructions for Ubuntu 18.04 (and other systems)

On Wed, Sep 18, 2019 at 7:31 PM Mike Schinkel wrote: > > ... I tried to get PHP compiled and working locally, and I failed > miserably. I decided I would participate on the list for a while and maybe > after some time I could ask for help getting it compiled on my Mac and in a > Docker

Re: [PHP-DEV] Improving productivity of internals mailing list

On Wed, Sep 18, 2019 at 1:33 PM Dan Ackroyd wrote: > > ... > > # Problem 1 - It's really hard to see what is being or could be worked on. > > People sometimes announce things that they think could be worked on > through the internals list, in the hope that people might want to help > them do

Re: [PHP-DEV] [RFC] [VOTE] Deprecate PHP's short open tags, again

On Thu, Aug 8, 2019 at 3:35 PM Zeev Suraski wrote: > On Thu, Aug 8, 2019 at 9:10 PM Bishop Bettini wrote: > >> On Tue, Aug 6, 2019 at 7:34 AM G. P. B. wrote: >> >> > The voting for the "Deprecate short open tags, again" [1] RFC has begun. >> > It i

Re: [PHP-DEV] [RFC] [VOTE] Deprecate PHP's short open tags, again

On Tue, Aug 6, 2019 at 7:34 AM G. P. B. wrote: > The voting for the "Deprecate short open tags, again" [1] RFC has begun. > It is expected to last two (2) weeks until 2019-08-20. > > A counter argument to this RFC is available at >

Re: [PHP-DEV] Merging fuzzing SAPI into core

On Tue, Jul 30, 2019 at 6:15 PM Johannes Schlüter wrote: > On Tue, 2019-07-30 at 13:28 -0400, Bishop Bettini wrote: > > On the other, I've found it refreshing working in a > > slender repo that doesn't have all the history and process rules. > > This is good for exter

Re: [PHP-DEV] Merging fuzzing SAPI into core

On Sun, Jul 28, 2019 at 8:48 PM Stanislav Malyshev wrote: > > As you probably know, we've been running PHP fuzzing under Google's > OSS-Fuzz[1] project for a while now (and found and fixed some bugs due > to it). > > This has been enabled by the PHP fuzzing API SAPI[2] which currently > lives in

Re: [PHP-DEV] Stop replacing dots with underscores in query, post and cookie parameters for PHP 8?

On Tue, Jul 16, 2019 at 3:51 AM Nikita Popov wrote: > On Tue, Jul 16, 2019 at 3:40 AM Arnold Daniels < > arnold.adaniels...@gmail.com> > wrote: > > > Hi, > > > > PHP replaces dots with underscores for $_GET, $_POST and $_COOKIE. This > > behavior once made sense because of Register globals. The

Re: [PHP-DEV] [RFC] Deprecations for 7.4

On Fri, Jun 21, 2019 at 2:46 PM Claude Pache wrote: > > > > Le 21 juin 2019 à 20:15, Bishop Bettini a écrit : > > > > On Fri, Jun 21, 2019, 13:54 Claude Pache <mailto:claude.pa...@gmail.com>> wrote: > > > > > > > Le 21 juin 2019

Re: [PHP-DEV] [RFC] Deprecations for 7.4

On Fri, Jun 21, 2019, 13:54 Claude Pache wrote: > > > > Le 21 juin 2019 à 17:20, Kalle Sommer Nielsen a écrit : > > > > Greetings Internals > > > > Nikita and I would like to open the discussion for the RFC: > > "Deprecations for 7.4", this RFC targets a larger set of various > > features

Re: [PHP-DEV] Feedback on state of some PHP extensions, functions, etc.

On Fri, Jun 14, 2019 at 8:15 AM G. P. B. wrote: > On Wed, 12 Jun 2019 at 18:16, Bishop Bettini wrote: > > > On Wed, Jun 12, 2019 at 11:35 AM G. P. B. > > wrote: > > > >>- PharData::setAlias, PharData::setDefaultStub and PharData::setStub > >>

Re: [PHP-DEV] Feedback on state of some PHP extensions, functions, etc.

On Wed, Jun 12, 2019 at 11:35 AM G. P. B. wrote: >- PharData::setAlias, PharData::setDefaultStub and PharData::setStub >always throw PharException > [11] [12] [13] > [11] https://www.php.net/manual/en/phardata.setalias.php >

[PHP-DEV] Git FAQ - "How to handle changes that should not merge upward?"

Our Git FAQ[1] currently says (at the bottom): > What about commits that should not be merged upwards (say, only for 5.3)? Should you still merge them but make it so no changes actually take place? Otherwise, it will the next person merging that will have to deal with the conflict (or worse, the

Re: [PHP-DEV] JSON_THROW_ON_ERROR implementation detail

On Fri, May 10, 2019 at 2:52 PM Riikka Kalliomäki < riikka.kalliom...@riimu.net> wrote: > > The new code has what looks like, to me, a refactor bug. I'd expect that, > when one adds the JSON_THROW_ON_ERROR flag, one must also remove the > subsequent json_last_error() handling, as it's no longer

Re: [PHP-DEV] JSON_THROW_ON_ERROR implementation detail

On Thu, May 9, 2019 at 12:06 PM Dan Ackroyd wrote: > Apparently there is an implementation detail in JSON_THROW_ON_ERROR > that differs in the RFC text, from the discussion on list > http://news.php.net/php.internals/100569: > > > I decided to reset it to no error because there's no > > previous

Re: [PHP-DEV] Re: [RFC][Vote] Covariant Returns and Contravariant Parameters

On Wed, May 8, 2019 at 4:06 AM Nikita Popov wrote: > On Tue, Jan 22, 2019 at 6:59 PM Levi Morrison wrote: > > > On Tue, Jan 15, 2019 at 1:27 PM Christoph M. Becker > > wrote: > > > > > > On 04.01.2019 at 20:17, Levi Morrison wrote: > > > > > > > I intend to close the vote in a day or two,

Re: [PHP-DEV] Remove $age parameter of curl_version()

On Thu, May 2, 2019 at 3:58 AM Christoph M. Becker wrote: > On 01.05.2019 at 19:40, Bishop Bettini wrote: > > > On Wed, May 1, 2019 at 1:18 PM Christoph M. Becker > > >> Thoughts? Do I overlook something important? > > > > Well, what about:

Re: [PHP-DEV] Revive Number Format Separator RFC

On Wed, May 1, 2019 at 5:42 AM Thomas Punt wrote: > Hi! > > > On Wed, May 01, 2019 at 01:13 AM Bishop Bettini wrote: > > > On Tue, Apr 30, 2019, 19:14 Theodore Brown wrote: > > > > > > On Tue, Apr 30, 2019 at 3:59 PM Bishop Bettini wrote: > > >

Re: [PHP-DEV] Remove $age parameter of curl_version()

On Wed, May 1, 2019 at 1:18 PM Christoph M. Becker wrote: > > curl_version()[1] (of ext/curl) makes curl_version_info()[2] (of > libcurl) available to PHP userland. The latter requires to pass an age > argument which usually is CURLVERSION_NOW, so that the information > returned by the runtime

Re: [PHP-DEV] [RFC] Allow throwing exceptions from __toString()

On Wed, May 1, 2019 at 7:36 AM Dan Ackroyd wrote: > On Wed, 1 May 2019 at 03:54, Bishop Bettini wrote: > > > > But I'd still think this would be a "many eyes needed" kind of PR, > especially from extension maintainers. > > Hypothetically, what should thes

Re: [PHP-DEV] Re: [VOTE] Arrow functions / short closures

On Wed, May 1, 2019 at 4:42 AM Nikita Popov wrote: > On Wed, Apr 17, 2019 at 12:58 PM Nikita Popov > wrote: > > > Hi internals, > > > > I've opened voting on the arrow functions RFC. The vote closes May 1st. > > > > https://wiki.php.net/rfc/arrow_functions_v2#vote > > > > The RFC uses the

Re: [PHP-DEV] [RFC] Allow throwing exceptions from __toString()

On Tue, Apr 30, 2019 at 2:49 PM Stanislav Malyshev wrote: > > That said, the work done on the patch is super impressive. I am > reasonably sure that Nikita caught as many instances of something going > wrong when string conversion fails as humanly possible. And I agree that > banning exceptions

Re: [PHP-DEV] Revive Number Format Separator RFC

On Tue, Apr 30, 2019, 19:14 Theodore Brown On Tue, Apr 30, 2019 at 3:59 PM Bishop Bettini wrote: > > > Excellent. I hope we can make the case this time. Please > > request Wiki karma [1], and we'll iterate on it there. > > I was granted karma, and published an initi

Re: [PHP-DEV] Revive Number Format Separator RFC

On Tue, Apr 30, 2019 at 4:41 PM Theodore Brown wrote: > On Mon, Apr 29, 2019 at 2:33 AM Bishop Bettini wrote: > > > Well said. > > > > One need not agree with an implementation to appreciate the improved > > readability. > > > > If you'd like to r

Re: [PHP-DEV] [RFC] [VOTE] Deprecate PHP's short open tags

On Wed, Apr 24, 2019 at 8:19 PM Michael Kliewe wrote: > Some random thoughts: > - What happens to .phar files? Do we have to scan the contents? > Phar relies upon the engine's tokenizer. If your phar build script uses createDefaultStub('index.php'); $phar->setStub($stub); $ php -d

Re: [PHP-DEV] Revive Number Format Separator RFC

On Sun, Apr 28, 2019 at 1:47 PM Theodore Brown wrote: > On Sat, Apr 27, 2019 at 10:25 PM Stanislav Malyshev > wrote: > > > I am not exactly against this feature, but the potential for abuse > > \- like enabling people using integers for things that are not > > integers and should not be stored

Re: [PHP-DEV] Issuing CVEs for PHP

On Sun, Apr 28, 2019 at 11:51 PM Stanislav Malyshev wrote: > I have set up PHP as CNA (CVE Identifiers authority) with MITRE. That > means that we will be assigning our own CVEs from now on. The process in > broad strokes works like this: > > 1. We request a block of numbers > 2. When we have

Re: [PHP-DEV] [RFC] Change the precedence of the concatenation operator

On Sun, Apr 28, 2019 at 9:45 PM Stanislav Malyshev wrote: > > > Nikita, impressive leg work; thanks. It validates Bob's intuition from > the > > RFC ("... these occurrences are quite rare as it almost always is an > error > > in the current form, rendering the impact minimal.") > > If the impact

Re: [PHP-DEV] Revive Number Format Separator RFC

On Thu, Apr 25, 2019 at 9:28 PM Bishop Bettini wrote: > On Thu, Apr 25, 2019 at 6:07 PM Theodore Brown > wrote: > >> Is there any chance the Number Format Separator RFC [1] could be revived >> for PHP 7.4? I looked at the discussion from a few years ago and it's not >

Re: [PHP-DEV] Revive Number Format Separator RFC

On Thu, Apr 25, 2019 at 6:07 PM Theodore Brown wrote: > Is there any chance the Number Format Separator RFC [1] could be revived > for PHP 7.4? I looked at the discussion from a few years ago and it's not > clear why many people originally voted against it. > > JavaScript and Python have both

Re: [PHP-DEV] [RFC] Change the precedence of the concatenation operator

On Thu, Apr 25, 2019 at 5:52 AM Nikita Popov wrote: > On Thu, Mar 28, 2019 at 2:33 PM Bob Weinand wrote: > > > I feel like concatenation having the same precedence than addition and > > subtraction is promoting programmers to make mistakes. Albeit typically > > easy to catch ones, it is a

Re: [PHP-DEV] Alternative approach to short tags deprecation

On Thu, Apr 25, 2019 at 3:16 AM Nikita Popov wrote: > Hi internals, > > As already discussed in the corresponding voting thread, the deprecation of > short tags as proposed has a high risk of causing inadvertent source code > leakage. The RFC proposes to change the default of short_open_tag from

Re: [PHP-DEV] PHP deserialization techniques offer rich pickings for security researchers

On Wed, Apr 17, 2019 at 12:44 AM Stanislav Malyshev wrote: > Hi! > > > 2. Improve caller control on unserialization. Change the signature to > > public Phar::getMetadata ( mixed $allowed_classes = true ) : mixed, and > > invoke the behavior similar to how unserialize itself works. Since all > >

Re: [PHP-DEV] Required Make version

On Sun, Apr 14, 2019 at 12:07 PM Peter Kokot wrote: > Hello, > > people familiar with the PHP *nix build system today can be probably > counted on the fingers of two hands, so I'm hoping to get some answer > also here. > > Does anyone maybe still have any insights on which Make version does >

Re: [PHP-DEV] PHP deserialization techniques offer rich pickings for security researchers

On Tue, Apr 16, 2019 at 6:38 AM Yasuo Ohgaki wrote: > On Mon, Apr 15, 2019 at 3:28 PM Stanislav Malyshev > wrote: > > > Hi! > > > > > Thanks for responding to this issue. > > > > > > Will calling getMetaData still parse and > > > execute malicious code? > > > > If it's contained in phar and

Re: [PHP-DEV] [RFC] Deprecate left-associative ternary operator

On Tue, Apr 9, 2019 at 5:54 AM Nikita Popov wrote: > > Inspired by Bob's recent RFC for concat precedence, I'd like to propose a > deprecation and removal of the left-associative behavior of ternaries. > Instead, explicit parentheses should be used: > >

Re: [PHP-DEV] [RFC] Always generate fatal error for incompatible method signatures

On Tue, Apr 9, 2019 at 4:25 AM Nikita Popov wrote: > Hi internals, > > A small cleanup RFC for PHP 8: https://wiki.php.net/rfc/lsp_errors > > This makes all incompatible method signature (LSP) errors fatal, rather > than only warning in some cases. Especially after >

Re: [PHP-DEV] Argon2 default time cost

On Mon, Mar 25, 2019 at 10:18 PM Sara Golemon wrote: > ...snip... > So that's a long winded way of asking, does anyone see an issue with upping > the default time cost for argon2 to a higher number? (e.g. "3") > ...snip... > The only negative impact is that password hashing becomes a slightly

Re: [PHP-DEV] PHP 7.4 Release Manager Selection

On Wed, Mar 6, 2019 at 1:49 PM Peter Kokot wrote: > > First of all, thank you for the nomination and suggestion. Yes, of > course, I'd be honoured to do that part. Overall, it's no secret I > still have a lot of catching up to do as far as PHP core is concerned, > but for the PHP 7.4 timeframe I

Re: [PHP-DEV] bugs.php.net problems?

On Mon, Feb 11, 2019 at 1:04 AM Rasmus Lerdorf wrote: > On Sat, Feb 9, 2019 at 4:17 PM Ben Ramsey wrote: > > > > On Feb 9, 2019, at 18:15, Stanislav Malyshev > > wrote: > > > > > > Hi! > > > > > > I am trying to access bugs.php.net and I am getting timeouts all the > > > time today (TLS

Re: [PHP-DEV] Convert ext/xml to use an object instead of resource

On Tue, Feb 12, 2019 at 11:21 AM Sara Golemon wrote: > On Tue, Feb 12, 2019 at 10:18 AM Nikita Popov > wrote: > > Very much opposed to any kind of special handling for is_resource(). We > > used to do this for is_object() and __PHP_Incomplete_Class and I'm very > > happy to be rid of this

Re: [PHP-DEV] Convert ext/xml to use an object instead of resource

On Tue, Feb 12, 2019 at 11:04 AM Rowan Collins wrote: > On Tue, 12 Feb 2019 at 15:30, Bishop Bettini wrote: > > > +1 for movement away from resources, generally. > > > > Resources represent connections to external resources, in a manner that's > > opaque to use

Re: [PHP-DEV] Convert ext/xml to use an object instead of resource

On Tue, Feb 12, 2019 at 10:00 AM Nikita Popov wrote: > The ext/xml extension currently has GC issues, see > https://bugs.php.net/bug.php?id=76874. The tl;dr is that uses of > xml_parser > will usually result in a cyclic structure, but resources do not support > cycle GC. This means that the user

Re: [PHP-DEV] What's up with github.com/php-src?

On Sat, Feb 9, 2019 at 11:00 AM Leigh wrote: > On Sat, 9 Feb 2019 at 14:33 Derick Rethans wrote: > > > On Sat, 9 Feb 2019, Ben Ramsey wrote: > > > > > > > > > On Feb 8, 2019, at 22:46, Bishop Bettini wrote: > > > > > > > > Havin

[PHP-DEV] What's up with github.com/php-src?

Having mistakenly cloned php-src/php instead of php/php-src (again), I figured I'd ask -- is php-src used for anything? The code seems to be quite old, and the content of php-src/php-src.github.io

Re: [PHP-DEV] RFC: RFC Workflow & Voting (2019 update)

On Fri, Feb 1, 2019 at 8:41 PM Johannes Schlüter wrote: > On Do, 2019-01-31 at 14:28 -0500, Bishop Bettini wrote: > > > >2. Core developers are defined as the top 13 committers within the > >period of two years since voting began. A core developer is a de >

Re: [PHP-DEV] Re: patch for imap bug 77153

On Fri, Feb 1, 2019 at 11:45 AM Jan Schneider wrote: > > Zitat von Bishop Bettini : > > > On Wed, Nov 21, 2018 at 7:27 PM Stanislav Malyshev > > wrote: > > > >> Hi! > >> > >> > Anyhow, this is water under the bridge now, and I think we s

Re: [PHP-DEV] PHAR maintainer?

On Thu, Jan 31, 2019 at 3:13 PM Stanislav Malyshev wrote: > Hi! > > > I've been fixing phar bugs here and there over the last year, and I'm > > happy to take on a more diligent process to maintain ext/phar officially. > > > > Do we have, anywhere, a maintainers guide that talks about the > >

Re: [PHP-DEV] Re: patch for imap bug 77153

On Wed, Nov 21, 2018 at 7:27 PM Stanislav Malyshev wrote: > Hi! > > > Anyhow, this is water under the bridge now, and I think we should issue > > a call for maintainership[4] for ext/imap as soon as possible, since > > this is not the only issue[5] of this unmaintained[6] extension. > > Pierre

Re: [PHP-DEV] PHAR maintainer?

On Sun, Jan 20, 2019 at 9:01 PM Stanislav Malyshev wrote: > Hi! > > PHAR is pretty widely used component of PHP ecosystem, as I understand, > but all people listed as maintainers for the extension haven't been > active in the project for a decade. Is there somebody still willing to > take care

Re: [PHP-DEV] RFC: RFC Workflow & Voting (2019 update)

On Thu, Jan 31, 2019 at 9:07 AM Zeev Suraski wrote: > On Thu, Jan 31, 2019 at 3:53 PM Kris Craig wrote: > > > I think you may be over-reaching a bit on the eligible voters part. Keep > > in mind that all those who would be affected would still be able to vote > on > > this RFC. I think it's

Re: [PHP-DEV][RFC][DISCUSSION] Collection Inspection

On Thu, Jan 25, 2018 at 9:52 AM, Derick Rethans wrote: > On Wed, 24 Jan 2018, Michael Morris wrote: > > > Ok, here's another idea I've been mulling over. This I know is possible > > because I've done it using user land code, specifically Drupal 8's > > Assertion\Inspector class.

Re: [PHP-DEV] Inserting string keys in arrays at any position

On Fri, Nov 3, 2017 at 9:51 AM, Thomas Hruska wrote: > I've been wondering for some time why PHP does not have the ability to > efficiently insert string keys before/after an existing string key. > > Let's say I have an array of 10,000 string key/value pairs and I want

Re: [PHP-DEV] Proposed RFC

On Thu, Nov 3, 2016 at 11:02 AM, Antony D'Andrea < contac...@antonydandrea.com> wrote: > > I would like to propose a new feature that is as clean as this but is a > slightly different use case. This would require a new operator (up for > discussion, but an early idea is "?!") For example: > >

Re: [PHP-DEV] [RFC][DISCUSSION] Object type hint

On Oct 24, 2016 6:17 AM, "Dan Ackroyd" wrote: > > But I don't see how this RFC 'encourages' what you consider to be a bad practice. Instead it provides a useful thing that could be misused by bad programmers. To clarify, programmers are not 'bad'. Their implementation

Re: [PHP-DEV] Re: ext/fileinfo/libmagic/apprentice.c", line 2195: error: syntax error

On Wed, Oct 5, 2016 at 12:51 PM, Dennis Clarke wrote: > > Not sure where the definition of "offsetof()" is located but something >>> seems clearly not C compliant here. >>> >>> So this is using the Oracle Studio 12.5 compiler tools on a big old >>> SPARC box running

Re: [PHP-DEV] Re: [RFC][VOTE] E_WARNING on invalid container read-adccess

> On Wed, Aug 31, 2016 at 7:49 AM David Walker wrote: > Hi all, > > As of now, the scheduled time the vote is to close, the RFC stands 19-4 > (accepted). Given this is my first solo RFC, I'm not really sure protocol > to go from here. Dmitry does raise that the implementation

Re: [PHP-DEV] [RFC][VOTE]: Implement socket_getaddrinfo family

On Wed, Aug 24, 2016 at 11:26 AM, David Walker wrote: > I'd like to open voting on my RFC[1] to implement getaddrinfo(). The RFC > implements 4 new socket extension functions to aid in the calling, > examining, and connect/binding of the addrinfo structure. > +1 from me --

Re: [PHP-DEV] [RFC][VOTE] E_WARNING on invalid container read-adccess

On Wed, Aug 24, 2016 at 10:58 AM, David Walker wrote: > I'd like to extend the vote through Sunday evening in the event anyone had > reservations based on potential performance impact. The RFC is currently > sitting 15-0 in favor. > I'd recommend extending the original

Re: [PHP-DEV] RFC Posted for str_begins and str_ends functions

On Fri, Aug 12, 2016 at 8:37 PM, wrote: > I've updated the RFC to reflect the discussion here and on github. You may > see it at > https://wiki.php.net/rfc/add_str_begin_and_end_functions . You can see > the github PR at https://github.com/php/php-src/pull/2049 . > > The

Re: [PHP-DEV] [RFC][VOTE] Add session_gc() function

On Wed, Aug 10, 2016 at 5:30 AM, Yasuo Ohgaki wrote: > Hi all, > > This RFC is to add session_gc() function. > > session_gc() function is required API for periodic session GC that is > best practice for production web sites. > > https://wiki.php.net/rfc/session-gc > It

Re: [PHP-DEV] Fixing #72733 : Implement getaddrinfo

On Thu, Aug 11, 2016 at 5:59 PM, David Walker wrote: > Hi all, > > I'm looking to resolve this bug, and thought about 2 means in which to > implement the request of exposing C's getaddrinfo() and the addrinfo > structure. There's not really an equivalent means to accomplish

Re: [PHP-DEV] Simple variable handling.

On Wed, Aug 10, 2016 at 4:07 PM, Lester Caine wrote: > People keep complaining that I do not contribute any proposals to > improve PHP, which to some extent s correct. Except the one thing that I > keep trying to get a handle on is tidying validating of the basic > variables

Re: [PHP-DEV] Function auto-loading

On Wed, Aug 10, 2016 at 5:37 AM, Peter Lind wrote: > On 10 August 2016 at 10:51, Lester Caine wrote: > > > On 09/08/16 06:54, Sara Golemon wrote: > > > On Mon, Aug 8, 2016 at 9:59 PM, Lester Caine > wrote: > > >> So Composer IS

[PHP-DEV] Tracing exit()

Hi! exit (and its doppelganger die) is a hard stop to the engine and there is little telemetry provided about the circumstances (file, line, message, and code). In source I control, exit is no big deal: I don't use exit! But in library code, exit can be frustrating. register_shutdown_function +

Re: [PHP-DEV] Re: [RFC][VOTE] Enable session.use_strict_mode by default

On Mon, Jul 18, 2016 at 9:40 PM, Yasuo Ohgaki wrote: > Hi all, > > On Tue, Jul 12, 2016 at 10:01 AM, Yasuo Ohgaki wrote: > > Vote for "Enable session.use_strict_mode by default" RFC has started. > > > > https://wiki.php.net/rfc/session-use-strict-mode > >

[PHP-DEV] Re: [RFC][Vote] Additional context in pcntl_signal handler

On Thu, Jul 7, 2016 at 12:00 PM, Bishop Bettini <bis...@php.net> wrote: > Hi! > > The RFC for enhancing pcntl_signal with additional calling context[1] is > now in voting phase. Voting open now through July 14. > > Implementation PR[2] available for review. >

[PHP-DEV] [RFC][Vote] Additional context in pcntl_signal handler

Hi! The RFC for enhancing pcntl_signal with additional calling context[1] is now in voting phase. Voting open now through July 14. Implementation PR[2] available for review. Thanks! [1]: https://wiki.php.net/rfc/additional-context-in-pcntl-signal-handler [2]:

  1   2   >