Hi Rasmus,
On 08/03/2013 07:51 PM, Rasmus Lerdorf wrote:
Hey Johannes, could you take a look at:
https://gist.github.com/anonymous/6143477
You can reproduce in 5.5 with:
sapi/cli/php ext/mysqli/tests/mysqli_poll_kill.php
main/streams/cast.c:306 is:
if (php_stream_is_filtered(stream)) {
Hi,
On Mon, Aug 5, 2013 at 2:01 AM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
Thank you for noticing crash. Data can be null, so the fix is OK.
Removing the limitation that prohibits setting session ID is fine for me,
too.
Please, apply your patch.
I thought we were in agreement about doing
Hi Arpad,
On Mon, Aug 5, 2013 at 6:22 PM, Arpad Ray array...@gmail.com wrote:
I thought we were in agreement about doing this properly in PHP.next? My
arguments against this version of the patch still stand:
We had long discussion and decided to apply maintained branches
as security
Hi Yasuo,
On Mon, Aug 5, 2013 at 10:50 AM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
On Mon, Aug 5, 2013 at 6:22 PM, Arpad Ray array...@gmail.com wrote:
I thought we were in agreement about doing this properly in PHP.next? My
arguments against this version of the patch still stand:
We had
Hi Arpad,
On Mon, Aug 5, 2013 at 7:05 PM, Arpad Ray array...@gmail.com wrote:
I'm not against the idea in principle but still think having a security
feature which just quietly fails if you're not using one of two modified
handlers is really not good.
I also think there's no great rush to
Hi Yasuo,
On Mon, Aug 5, 2013 at 11:10 AM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
On Mon, Aug 5, 2013 at 7:05 PM, Arpad Ray array...@gmail.com wrote:
I'm not against the idea in principle but still think having a security
feature which just quietly fails if you're not using one of two
Hi Arpad,
On Mon, Aug 5, 2013 at 7:26 PM, Arpad Ray array...@gmail.com wrote:
Could you point me to where this was decided please? I don't see a vote or
anything like a consensus in the previous threads.
There isn't vote for this RFC since this is security.
It's also a consensus.
The main
On 08/05/2013 03:32 AM, Andrey Hristov wrote:
I just tried the combo PHP 5.5 (git) with MySQL 5.6 (13-dev) without
segfault. What's your setup?
This is on my Ubuntu 13.04 laptop. mysql Ver 14.14 Distrib 5.5.32 with
PHP 5.5 git just running make test. I get a core every time on that test
in
I have added a simple test case for Linux to verify it's basic
functionality via the CLI server, and think it's ready to be merged to
master to be able to test it within a wider audience.
Objections, anyone?
https://github.com/m6w6/php-src/compare/2Guploads
Thank you Ralf!
--
Regards,
Mike
--
On 5 August 2013 14:05, Michael Wallner m...@php.net wrote:
I have added a simple test case for Linux to verify it's basic
functionality via the CLI server, and think it's ready to be merged to
master to be able to test it within a wider audience.
Objections, anyone?
Hi Mike,
On Aug 5, 2013 3:58 PM, Michael Wallner m...@php.net wrote:
On 5 August 2013 14:05, Michael Wallner m...@php.net wrote:
I have added a simple test case for Linux to verify it's basic
functionality via the CLI server, and think it's ready to be merged to
master to be able to test
On Fri, Aug 2, 2013 at 9:55 PM, Levi Morrison morrison.l...@gmail.comwrote:
If you have ideas or things to say, I'm listening.
https://github.com/jpauli/php-src/compare/macroing
Is there a reason you switched from names like `__toString` to
`__tostring`
Julien Pauli in php.internals (Fri, 2 Aug 2013 10:05:00 +0200):
Please test the release carefully and report any bugs.
What is the best way to report things that are so small that opening an
issue would be overkill?
I have got some tiny remarks:
- Typo in NEWS: OPcahce should be OPcache
- Remove
On 8/5/13 8:12 AM, Jan Ehrhardt wrote:
Julien Pauli in php.internals (Fri, 2 Aug 2013 10:05:00 +0200):
Please test the release carefully and report any bugs.
What is the best way to report things that are so small that opening an
issue would be overkill?
I have got some tiny remarks:
-
Hi Yasuo,
On Mon, Aug 5, 2013 at 11:38 AM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
On Mon, Aug 5, 2013 at 7:26 PM, Arpad Ray array...@gmail.com wrote:
Could you point me to where this was decided please? I don't see a vote
or anything like a consensus in the previous threads.
There isn't
On 5 August 2013 16:19, Pierre Joye pierre@gmail.com wrote:
Hi Mike,
On Aug 5, 2013 3:58 PM, Michael Wallner m...@php.net wrote:
On 5 August 2013 14:05, Michael Wallner m...@php.net wrote:
I have added a simple test case for Linux to verify it's basic
functionality via the CLI server,
Hi Arpad,
On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray array...@gmail.com wrote:
I think there really should be a vote.
This means you don't really understand the true risk of this vulnerability.
It allows permanent session ID fixation. This is CVE assigned vulnerability.
Details are explained
Hi Yasuo,
On Mon, Aug 5, 2013 at 7:46 PM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray array...@gmail.com wrote:
I think there really should be a vote.
This means you don't really understand the true risk of this vulnerability.
It allows permanent
Hi!
I'm not going to repeat my arguments against the committed solution yet
again, but I really think we need a better one.
You are free to propose a better one. Since this topic is being
discussed for almost 2 years and nobody came with anything better, as
far as I know, I think it is
Hi Stas,
On Mon, Aug 5, 2013 at 8:23 PM, Stas Malyshev smalys...@sugarcrm.comwrote:
I'm not going to repeat my arguments against the committed solution yet
again, but I really think we need a better one.
You are free to propose a better one. Since this topic is being
discussed for almost
Hi Arpad,
On Tue, Aug 6, 2013 at 4:17 AM, Arpad Ray array...@gmail.com wrote:
On Mon, Aug 5, 2013 at 7:46 PM, Yasuo Ohgaki yohg...@ohgaki.net wrote:
On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray array...@gmail.com wrote:
I think there really should be a vote.
This means you don't really
Hi Arpad,
On Tue, Aug 6, 2013 at 4:33 AM, Arpad Ray array...@gmail.com wrote:
Hi Stas,
On Mon, Aug 5, 2013 at 8:23 PM, Stas Malyshev smalys...@sugarcrm.comwrote:
I'm not going to repeat my arguments against the committed solution yet
again, but I really think we need a better one.
You
22 matches
Mail list logo