Is this related to http://www.ush.it/2009/02/08/php-filesystem-attack-vectors/ ?

That's quite an old bug; I'm happy to hear it's now being worked on and has a patch.

J.Pauli

On Tue, Nov 16, 2010 at 12:34 PM, Pierre Joye <pierre....@gmail.com> wrote:
> hi,
>
> On Tue, Nov 16, 2010 at 7:15 AM, Rasmus Lerdorf <ras...@lerdorf.com> wrote:
>> On 11/15/10 10:12 PM, Stas Malyshev wrote:
>>> Hi!
>>>
>>>> Well, it changes the signature of that function, so while we don't break
>>>> backward binary compatibility, we break forward compatibility within the
>>>> 5.3 branch.  As in, if I change my extension to use this new NoNull
>>>> string flag, it will no longer work on <5.3.3 whereas if I do the
>>>> if(strlen(filename) != filename_len) check, this will still work in all
>>>> 5.3 releases.
>>>
>>> So if you have such extension, and you need to have it compatible with
>>> previous versions (e.g. PECL one), use the check. That doesn't prevent
>>> us from having the flag in the core code and thus keeping it cleaner.
>>
>> It still worries me a bit.  Distros love to separate core extensions
>> into separate packages and if you update one of those without updating
>> the core package, it will break.  Hopefully they have hard dependencies
>> so you can't install php-curl-5.3.4 on php-5.3.3, for example.
>
> Same here, it is somehow an API incompatibility. We did similar changes
> in the past and forced us to have two versions of extensions (afair it
> was <5.2.5 and >=5.2.6). That was really painful and took years to get
> rid of 5.2.5 support.
>
> I like the idea of having a (maybe not so perfect) solution for 5.3.x
> using Rasmus' patch and do it right in trunk.
>
> Cheers,
> --
> Pierre
>
> @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
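
The strlen(filename) != filename_len check quoted in the thread, as an added example that is not part of the original messages or of the PHP source. The counted_str type, the function names and the sample file names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a length-counted string as an extension
 * receives it: a buffer plus the length recorded by the caller. */
typedef struct { const char *val; size_t len; } counted_str;

/* The check from the thread: a C string ends at the first NUL, so if
 * strlen() disagrees with the recorded length, a NUL is embedded. */
static int path_has_embedded_nul(const counted_str *s)
{
    return strlen(s->val) != s->len;
}

/* Suffix test over the full counted length, as script-level code sees it. */
static int counted_ends_with(const counted_str *s, const char *suffix)
{
    size_t n = strlen(suffix);
    return s->len >= n && memcmp(s->val + s->len - n, suffix, n) == 0;
}

/* What a C file API treats as the name: the bytes before the first NUL. */
size_t c_visible_length(const counted_str *s) { return strlen(s->val); }

/* Returns the path if it is safe to hand to a C file API, else NULL. */
const char *checked_upload_path(const counted_str *s)
{
    if (path_has_embedded_nul(s))
        return NULL;   /* the C layer would open a different name */
    if (!counted_ends_with(s, ".jpg"))
        return NULL;
    return s->val;
}

/* Constructed samples; sizeof - 1 keeps the bytes after the embedded NUL. */
static const char RAW_BAD[]  = "avatar.php\0.jpg";
static const char RAW_GOOD[] = "avatar.jpg";
const counted_str SAMPLE_BAD  = { RAW_BAD,  sizeof RAW_BAD  - 1 };
const counted_str SAMPLE_GOOD = { RAW_GOOD, sizeof RAW_GOOD - 1 };

int main(void)
{
    printf("bad: counted=%zu c-visible=%zu suffix-ok=%d accepted=%d\n",
           SAMPLE_BAD.len, c_visible_length(&SAMPLE_BAD),
           counted_ends_with(&SAMPLE_BAD, ".jpg"),
           checked_upload_path(&SAMPLE_BAD) != NULL);
    printf("good: accepted=%d\n", checked_upload_path(&SAMPLE_GOOD) != NULL);
    return 0;
}
```

The first sample passes the suffix test on its counted length but is rejected by the length comparison, which is the mismatch the check exists to catch.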
