Re: [PHP-DEV] Stop Exceptions capturing object references for trace arguments

2017-08-11 Thread Stanislav Malyshev
Hi!
> The "args" part of this contains full object references to anything that
> happens to have been a function argument in the stack, and causes two
> problems:
I think it makes sense to make exceptions not collect args. In fact, I think this may also be one of the rare cases where new ini

[PHP-DEV] NEUTRAL Benchmark Results for PHP Master 2017-08-10

2017-08-11 Thread lp_benchmark_robot
Results for project PHP master, build date 2017-08-10 19:23:12-07:00
commit: 9ae9533
previous commit: c8efaea
revision date: 2017-08-10 19:48:19+01:00
environment: Haswell-EP
cpu: Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2, LLC 45 MB

Re: [PHP-DEV] [RFC][DISCUSSION] Allow default value in list() syntax

2017-08-11 Thread Andreas Hennings
This is true, I remember having done it in the past. I still think it would be nice and feel natural to have the default values directly built into the list construct. It would be a bit faster, because it does not have to allocate a new temporary array. Whether this difference matters depends

[PHP-DEV] Stop Exceptions capturing object references for trace arguments

2017-08-11 Thread Rowan Collins
Hi All,
This topic has been discussed a couple of times before:
- http://marc.info/?t=13811834162=1=2
- http://marc.info/?t=14270882851=1=2
- http://marc.info/?t=14379810282=1=2
I was inspired to revive the topic by this bug report: https://bugs.php.net/bug.php?id=75056=3

Re: [PHP-DEV] [RFC][DISCUSSION] Allow default value in list() syntax

2017-08-11 Thread Andreas Treichel
You can merge the result with default values like this:
[$foo, $bar, $foobar] = explode(':', 'foo:bar') + [23, 42, 1337];
var_dump($foo, $bar, $foobar);
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] WDDX serialization and security

2017-08-11 Thread Kalle Sommer Nielsen
On 11 Aug 2017 15.38, "Remi Collet" wrote:
On 11/08/2017 at 15:15, Nikita Popov wrote:
> I'm wondering if it might be time to remove (i.e. deprecate and move to
> PECL) the wddx extension?
+1
+2

Re: [PHP-DEV] WDDX serialization and security

2017-08-11 Thread Sebastian Bergmann
On 11.08.2017 at 15:15, Nikita Popov wrote:
> I'm wondering if it might be time to remove (i.e. deprecate and move to
> PECL) the wddx extension?
I have never seen it used in the wild. So +1 from me for deprecation in 7.2 and removal in 8.0.

Re: [PHP-DEV] [RFC][DISCUSSION] Allow default value in list() syntax

2017-08-11 Thread Devnuhl Unnamed
When you understand something, it often can be hard to understand why others wouldn't. I don't see why people struggle with it either, but I do see it happen quite a lot. I would still think that if you are going to deconstruct something in a structured way, you should validate your data is

Re: [PHP-DEV] WDDX serialization and security

2017-08-11 Thread Remi Collet
On 11/08/2017 at 15:15, Nikita Popov wrote:
> I'm wondering if it might be time to remove (i.e. deprecate and move to
> PECL) the wddx extension?
+1

[PHP-DEV] WDDX serialization and security

2017-08-11 Thread Nikita Popov
Hi internals, Same question here as with unserialize(). https://bugs.php.net/bug.php?id=75007 has recently been classified as not a security bug, because WDDX should not be fed untrusted data. To provide some context here, our WDDX implementation is generally vulnerable to object injection (it

[PHP-DEV] Re: [Request][Discussion] Double value as array key improvement

2017-08-11 Thread Andrew Nester
> On Aug 11, 2017, at 2:10 PM, Andrew Nester wrote:
>
> Hello everyone!
>
> I was working on the following request https://bugs.php.net/bug.php?id=75053
> which resulted in the following pull
> request

[PHP-DEV] A bit of serialize() history

2017-08-11 Thread Kristian Köhntopp
I made a writeup: Serialize() and Unserialize() and where do they come from? Next year, all of this will be 20 years old. http://blog.koehntopp.info/index.php/2407-php-understanding-unserialize/ -- Kristian Köhntopp http://google.com/+KristianKohntopp

[PHP-DEV] [Request][Discussion] Double value as array key improvement

2017-08-11 Thread Andrew Nester
Hello everyone! I was working on the following request https://bugs.php.net/bug.php?id=75053 which resulted in the following pull request https://github.com/php/php-src/pull/2676 The problem here is the following: when

Re: [PHP-DEV] Unserialize security policy

2017-08-11 Thread Nikita Popov
On Thu, Aug 10, 2017 at 10:49 AM, Nikita Popov wrote:
> On Sun, Aug 6, 2017 at 12:49 AM, Stanislav Malyshev
> wrote:
>
>> Hi!
>>
>> > https://bugs.php.net/bug.php?id=75006 has been marked as a non-security
>> > bug, with the justification that

Re: [PHP-DEV] [RFC][DISCUSSION] Allow default value in list() syntax

2017-08-11 Thread Tony Marston
"Andreas Hennings" wrote in message news:CAH0Uv3HQK5wjcd_-9GynMw34H78ZTv09q9bc=yZ10JBbeT=v...@mail.gmail.com... On Fri, Aug 11, 2017 at 12:01 AM, Devnuhl Unnamed wrote: Would isset($suffix) not suffice here? You mean like so? list($prefix, $suffix) = explode(':',