What exploits are there for __toString()? Just wondering.
On 05/05/2010 07:50, Dmitry Stogov wrote:
Hi Moriyoshi, I took just a quick look through the patch, but for me it looks like a bad idea. Introducing new magic function may bring a lot of troubles and open a new door for exploit writer (we already have problems with __toString() method). Also I afraid, this magic method will make php slower even if scripts don't use this future (at least the patch disables code specialization for ZEND_INIT_METHOD_CALL) and make some future type propagation optimizations non-applicable. At last the patch introduces 18 new grammar conflicts and I think it's not acceptable. Thanks. Dmitry.
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
