[PHP-DEV] open_basedir + sessions bug (or a feature?)
ext/sessions/mod_files.c:281 has a hardcoded openbasedir-check skipping of /tmp path for storing session-files, if sessions.save_path is not manually set. This leads to the failure of session_save_path_variation5 test on mac os x, as default temporary path here is /var/tmp and not /tmp Anyway, this looks like something done wrong from the beginning. Shouldn't /tmp be explicitly added to open_basedir list? Why should it have any special meaning? I propose to remove special treatment of /tmp (should be mentioned in upgrade-docs) Other option would be to skip check for any path, which is returned by php_get_temporary_directory() call, but that sounds like a very bad idea. -- Alexey Zakhlestin http://blog.milkfarmsoft.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] run-tests gsoc status?
On Fri, 15 Aug 2008, Hannes Magnusson wrote: On Fri, Aug 15, 2008 at 17:15, Jani Taskinen [EMAIL PROTECTED] wrote: Because it was the easiest way to fix this: __FILE__ is not same with clean and actual test sections, so the clean section code did nothing however you run the tests.. btw. run-tests.php is such a mess that I don't want to even look at the code anymore. There was a run-tests.php rewrite application accepted for gsoc this summer.. I however haven't heard a word about it since then.. Does anyone know the status of that project? Still no reply to this? I suppose the project is then not going anywhere. Can any of the GSoC admins see if something happened with reviews here? regards, Derick -- HEAD before 5_3!: http://tinyurl.com/6d2esb http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] run-tests gsoc status?
Hi, If nobody is working on it this task, I may take it. (I will keep on working on my project as long as possible, but I have too much on my head right now to do 'creative' stuff - need something with clearly defined goals). If Sebastian or Travis (they mentored this project, didn't they?) have a few minutes to discuss what is wrong with the old script it would be really nice, and I will be able to start it on Friday or Saturday I think. Cheers, Michal On 2008-08-27, at 09:46, Derick Rethans wrote: On Fri, 15 Aug 2008, Hannes Magnusson wrote: On Fri, Aug 15, 2008 at 17:15, Jani Taskinen [EMAIL PROTECTED] wrote: Because it was the easiest way to fix this: __FILE__ is not same with clean and actual test sections, so the clean section code did nothing however you run the tests.. btw. run-tests.php is such a mess that I don't want to even look at the code anymore. There was a run-tests.php rewrite application accepted for gsoc this summer.. I however haven't heard a word about it since then.. Does anyone know the status of that project? Still no reply to this? I suppose the project is then not going anywhere. Can any of the GSoC admins see if something happened with reviews here? regards, Derick -- HEAD before 5_3!: http://tinyurl.com/6d2esb http://derickrethans.nl | http://ezcomponents.org | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] run-tests gsoc status?
On Wed, 2008-08-27 at 10:46 +0200, Derick Rethans wrote: There was a run-tests.php rewrite application accepted for gsoc this summer.. I however haven't heard a word about it since then.. Does anyone know the status of that project? Still no reply to this? I suppose the project is then not going anywhere. Can any of the GSoC admins see if something happened with reviews here? Nothing happened there, neither student nor mentor filled out the final survey nor did I see any code. (but that's also true for projects doing quite well) johannes -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: open_basedir + sessions bug (or a feature?)
well, in case there are no objections I will remove special treatment of /tmp path in sessions code of 5.3 and 6.0 should 5.2 also be fixed? On Wed, Aug 27, 2008 at 12:30 PM, Alexey Zakhlestin [EMAIL PROTECTED] wrote: ext/sessions/mod_files.c:281 has a hardcoded openbasedir-check skipping of /tmp path for storing session-files, if sessions.save_path is not manually set. This leads to the failure of session_save_path_variation5 test on mac os x, as default temporary path here is /var/tmp and not /tmp Anyway, this looks like something done wrong from the beginning. Shouldn't /tmp be explicitly added to open_basedir list? Why should it have any special meaning? I propose to remove special treatment of /tmp (should be mentioned in upgrade-docs) Other option would be to skip check for any path, which is returned by php_get_temporary_directory() call, but that sounds like a very bad idea. -- Alexey Zakhlestin http://blog.milkfarmsoft.com/ -- Alexey Zakhlestin http://blog.milkfarmsoft.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: open_basedir + sessions bug (or a feature?)
well, in case there are no objections I will remove special treatment of /tmp path in sessions code of 5.3 and 6.0 should 5.2 also be fixed? i would not put this into 5.2 this late into the lifetime of this branch. regards, Lukas -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] run-tests gsoc status?
Hey guys; On Aug 27, 2008, at 7:36 AM, Johannes Schlüter wrote: On Wed, 2008-08-27 at 10:46 +0200, Derick Rethans wrote: There was a run-tests.php rewrite application accepted for gsoc this summer.. I however haven't heard a word about it since then.. Does anyone know the status of that project? Still no reply to this? I suppose the project is then not going anywhere. Can any of the GSoC admins see if something happened with reviews here? Nothing happened there, neither student nor mentor filled out the final survey nor did I see any code. (but that's also true for projects doing quite well) Sorry about this guys. A large part of this is my fault. The time I could devote to this quickly evaporated as the summer wore on. I tried to get someone familiar with project to take over as mentor a little over half way through, but everyone else was tied up too. Couple that with someone that got in over their head and, well, the GSoC project just couldn't make it. All that said, I'm shooting for a 1.0 of PHPT by the end of the year. That will have complete running of the php-src tests, parallel test running, and full support for Windows (thanks in large part to all of the testing of PHPT that Elizabeth Smith has done). Michal - I would love to have some help on this. As I alluded to here, there is already a replacement for run-tests.php in the PHPT project (phpt.info). It's 0.1 release was a rewrite of PEAR_RunTest, so there are some discrepancies between what it can do currently and what run-tests is capable of. If you would like to help out, feel free to ping me off-list or on phpt-dev for some guidance. -T -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] run-tests gsoc status?
Travis Swicegood schrieb: All that said, I'm shooting for a 1.0 of PHPT by the end of the year. So the student worked on PHPT instead of run-tests.php? -- Sebastian Bergmann http://sebastian-bergmann.de/ GnuPG Key: 0xB85B5D69 / 27A7 2B14 09E4 98CD 6277 0E5B 6867 C514 B85B 5D69 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Is gmp_testbit going to be pushed out of CVS eventually?
As far as I can tell gmp_testbit was written 15 months ago (committed April 30, 2007?) but it's still sitting in CVS and is the only function in the gmp library ( http://www.php.net/manual/en/ref.gmp.php ) documented but still unavailable. I'm using gmp_scan1 right now but my bloom filter would be much more efficient if I had gmp_testbit. Thank you, Guillaume Theoret -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Is gmp_testbit going to be pushed out of CVS eventually?
On Wed, Aug 27, 2008 at 8:15 PM, Guillaume Theoret [EMAIL PROTECTED] wrote: As far as I can tell gmp_testbit was written 15 months ago (committed April 30, 2007?) but it's still sitting in CVS and is the only function in the gmp library ( http://www.php.net/manual/en/ref.gmp.php ) documented but still unavailable. I'm using gmp_scan1 right now but my bloom filter would be much more efficient if I had gmp_testbit. it is available in 5.3 -- Alexey Zakhlestin http://blog.milkfarmsoft.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] run-tests gsoc status?
On Aug 27, 2008, at 10:30 AM, Sebastian Bergmann wrote: So the student worked on PHPT instead of run-tests.php? Yes, as we talked about earlier in the year on IRC and on the wiki. For those of you who don't know what PHPT is: It's a ground-up rewrite of the PEAR_RunTest code (which was based on run-tests.php) that addresses the short-comings in architecture that both PEAR_RunTest and run-tests.php have. It's about 90% of the way there to being able to completely run all of the .phpt files in php-src, it just needs some attention to clean up all of the loose ends. -T -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Is gmp_testbit going to be pushed out of CVS eventually?
Ok, looking forward to the release in october then, thanks. On Wed, Aug 27, 2008 at 12:19 PM, Alexey Zakhlestin [EMAIL PROTECTED] wrote: On Wed, Aug 27, 2008 at 8:15 PM, Guillaume Theoret [EMAIL PROTECTED] wrote: As far as I can tell gmp_testbit was written 15 months ago (committed April 30, 2007?) but it's still sitting in CVS and is the only function in the gmp library ( http://www.php.net/manual/en/ref.gmp.php ) documented but still unavailable. I'm using gmp_scan1 right now but my bloom filter would be much more efficient if I had gmp_testbit. it is available in 5.3 -- Alexey Zakhlestin http://blog.milkfarmsoft.com/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] run-tests gsoc status?
Travis Swicegood schrieb: Yes, as we talked about earlier in the year on IRC and on the wiki. Interesting, almost everybody I talked to about this was not even aware of your PHPT project and thought you meant run-tests.php by it. -- Sebastian Bergmann http://sebastian-bergmann.de/ GnuPG Key: 0xB85B5D69 / 27A7 2B14 09E4 98CD 6277 0E5B 6867 C514 B85B 5D69 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] alpha2 scheduled
On Tue, Aug 26, 2008 at 18:27, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
- Curly braces support for namespaces (Marcus, not ready for alpha2)
Why not? I thought I saw a patch for this on the list recently (which
allowed both the current namespace foo; and namespace foo {}
syntaxes)..
-Hannes
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] alpha2 scheduled
Hello Hannes,
Wednesday, August 27, 2008, 8:32:41 PM, you wrote:
On Tue, Aug 26, 2008 at 18:27, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
- Curly braces support for namespaces (Marcus, not ready for alpha2)
Why not? I thought I saw a patch for this on the list recently (which
allowed both the current namespace foo; and namespace foo {}
syntaxes)..
It was an incomplete patch that simply allowed the syntax but did not
prevent code between two namespaces.
Best regards,
Marcus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] open_basedir + sessions bug (or a feature?)
Hi! ext/sessions/mod_files.c:281 has a hardcoded openbasedir-check skipping of /tmp path for storing session-files, if sessions.save_path is not manually set. I would think the idea was to make it easier on inexperienced users. Since default AFAIK is /tmp, and it is highly unlikely that somebody would need to hide /tmp from the users, it makes more scenarios to work out of the box. Anyway, this looks like something done wrong from the beginning. Shouldn't /tmp be explicitly added to open_basedir list? Why should it have any special meaning? I propose to remove special treatment of /tmp (should be mentioned in upgrade-docs) Is there any problem that this treatment is causing? I.e. on Mac the default is different, but that's not a problem of this treatment - it's rather missing special treatment of /var/tmp on mac, I'd say :) So Mac users don't get this boon, but is it the reason to remove it form other users? -- Stanislav Malyshev, Zend Software Architect [EMAIL PROTECTED] http://www.zend.com/ (408)253-8829 MSN: [EMAIL PROTECTED] -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] open_basedir + sessions bug (or a feature?)
On Wed, Aug 27, 2008 at 11:59 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote: Hi! ext/sessions/mod_files.c:281 has a hardcoded openbasedir-check skipping of /tmp path for storing session-files, if sessions.save_path is not manually set. I would think the idea was to make it easier on inexperienced users. Since default AFAIK is /tmp, and it is highly unlikely that somebody would need to hide /tmp from the users, it makes more scenarios to work out of the box. Anyway, this looks like something done wrong from the beginning. Shouldn't /tmp be explicitly added to open_basedir list? Why should it have any special meaning? I propose to remove special treatment of /tmp (should be mentioned in upgrade-docs) Is there any problem that this treatment is causing? I.e. on Mac the default is different, but that's not a problem of this treatment - it's rather missing special treatment of /var/tmp on mac, I'd say :) So Mac users don't get this boon, but is it the reason to remove it form other users? Yes, it is in my opinion a flaw. It is the admin role to define a correct open_basedir set. Temporary directory should not be system wide in a shared hosting environment, especially not when the session are stored there by default. I don't think we should fix documentation problems by adding such tricks in a security related feature :) Cheers, -- Pierre http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] alpha2 scheduled
Hello Marcus,
Em Qua, 2008-08-27 às 23:47 +0200, Marcus Boerger escreveu:
Hello Hannes,
Wednesday, August 27, 2008, 8:32:41 PM, you wrote:
On Tue, Aug 26, 2008 at 18:27, Lukas Kahwe Smith [EMAIL PROTECTED] wrote:
- Curly braces support for namespaces (Marcus, not ready for alpha2)
Why not? I thought I saw a patch for this on the list recently (which
allowed both the current namespace foo; and namespace foo {}
syntaxes)..
It was an incomplete patch that simply allowed the syntax but did not
prevent code between two namespaces.
That my old patch prevent the code between namespaces, but it only allow
the syntax using { }. Then, I've updated it, now it allows both ({}, ;)
Well, maybe it can be useful...
Results using the patch:
?php
namespace a {
namespace b {
}
}
Fatal error: Nested namespace is not allowed in %s on line %d
-
?php
namespace a {
namespace b;
}
Fatal error: Nested namespace is not allowed in %s on line %d
-
?php
namespace a;
namespace b {}
namespace c;
print 1;
// OK, no error!
-
?php
namespace a;
namespace b {}
print 1;
Fatal error: This script contains namespaces, all other code must be
contained within namespace declarations in %s on line %d
-
?php
namespace a;
print 1;
namespace b {}
// OK, no error!
-
?php
print 1;
namespace a;
Fatal error: Namespace declaration statement has to be the very first
statement in the script in %s on line %d
http://felipe.ath.cx/diff/namespace-braces-5_3.diff
--
Regards,
Felipe Pena.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
