Re: [PHP-DEV] header() removes all header of the same name.

Hi! > There is 2 issues. > - header() removes all headers of the same name including 'Set-Cookie' > - header() ignores replace flag. (This one is easy to fix) We have the flag, so if it doesn't work it should be fixed. Also, one should use setcookie() for cookies, usually. > Possible

Re: [PHP-DEV] Exploit fully packed array/hash property

I've committed the safe part of the patch (almost your original idea). http://git.php.net/?p=php-src.git;a=commitdiff;h=9ded1b4edbb140520e060de597267b3cb439f4c4 The part related to HASH_FLAG_LONG_KEYS/HASH_FLAG_STRING_KEYS is here

Re: [PHP-DEV] Exploit fully packed array/hash property

Hi Dmitry, On second thought, I might have dismissed your HASH_FLAG_*_KEYS idea prematurely. Of course we will have to set/unset the flag in parts of the code that are very hot and naturally that will lead to a regression in terms of CPU instructions. But in regards to your idea of possibly

[PHP-DEV] Re: [PECL-DEV] Intention to move mcrypt to PECL

On Wed, 5 Oct 2016 at 20:11 Derick Rethans wrote: > It should be migrated properly, and also to GIT. > Hi Ferenc, Can you create a php.net hosted git repository for this (I guess under the pecl/security namespace), and grant karma to le...@php.net for it. Sorry for picking on

[PHP-DEV] GOOD Benchmark Results for PHP Master 2016-10-19

Results for project PHP master, build date 2016-10-19 06:25:32+03:00 commit: 0ffd0a0 previous commit:0a67b29 revision date: 2016-10-19 01:14:15+02:00 environment:Haswell-EP cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2, LLC 45 MB

Re: [PHP-DEV] [RFC] Driver-Specific PDO Param Types

On 18/10/16 23:05, Adam Baratz wrote: > Please share your feedback. I'm happy to hear thoughts about the pdo_dblib > example, but the RFC is more about the possibility of driver-specific types > than these particular ones. The whole point of PDO was that anything that was not available across ALL

Re: [PHP-DEV] Exploit fully packed array/hash property

This is an option. If nobody propose a better solution, I'll prepare the patch tomorrow (this solution won't make BC breaks at all). BTW: I think, HASH_FLAG_*_KEYS may be used to eliminate redundant checks on every loop iteration in some functions. Thanks. Dmitry.

Re: [PHP-DEV] Exploit fully packed array/hash property

I've updated the patch with few use cases https://gist.github.com/dstogov/429fcc2ba051fdcf774a310c5d6db00d The patch doesn't show any visible speed difference, but in term of "CPU instructions" (measured by callgrind) it makes 0.3% regression on 100 requests to Wordpress home page. This is

Re: [PHP-DEV] Performance drops after some time, PHP7-FPM + Docker

> > The output of the perf diff is quite poor I think, here's the mainline : > 35.90% +44.94% php-fpm [.] 0x00042412 > 10.72% -6.05% libc-2.19.so[.] 0x00079030 > 9.71% -9.34% newrelic.so [.] 0x00030980 > 3.81% -3.47%

Re: [PHP-DEV] [RFC] Counting of non-countable objects

On 17 October 2016 at 21:57, Nikita Popov wrote: > > I'm not sure I understand the motivation for throwing a deprecation > notice > > instead of a warning. In particular, what is the action that will be > taken > > here in the next major version? > On 18 October 2016 at

Re: [PHP-DEV] Re: Constants for better double edge case handling

Hi, Anatol Belski wrote: Anatol Belski wrote: Producing INF. There's currently no explicit way to produce INF and NAN, whereby NAN is gettable with sqrt(-1). echo PHP_DBL_MAX*PHP_DBL_MAX, " ", -PHP_DBL_MAX*PHP_DBL_MAX; INF -INF I'm not sure I understand this use-case. We already have the

RE: [PHP-DEV] Re: Constants for better double edge case handling

Hi Andrea, > -Original Message- > From: Andrea Faulds [mailto:a...@ajf.me] > Sent: Wednesday, October 19, 2016 2:49 PM > To: internals@lists.php.net > Subject: [PHP-DEV] Re: Constants for better double edge case handling > > Hi Anatol, > > Anatol Belski wrote: > > Producing INF. There's

Re: [PHP-DEV] Exploit fully packed array/hash property

I may add comments for HT_IS_FULLY_PACKED() or may be use a better name HT_IS_WITHOUT_HOLES() From: Andrea Faulds Sent: Wednesday, October 19, 2016 4:25:31 PM To: internals@lists.php.net Subject: Re: [PHP-DEV] Exploit fully packed array/hash

[PHP-DEV] Re: [RFC] OpenSSL BigNum support

Hi Sara, Sara Golemon wrote: As it says on the tin: Wrap the BN (BigNumber) library in OpenSSL. https://wiki.php.net/rfc/openssl.bignum If I'm reading the patch correctly, do all the methods accepting BigNums also accept PHP integers and strings, including hexadecimal strings? Also, what

Re: [PHP-DEV] Exploit fully packed array/hash property

Thanks Joe. I'll add few optimization and make additional testing, then commit in two peaces. From: Joe Watkins Sent: Wednesday, October 19, 2016 4:35:36 PM To: Dmitry Stogov Cc: Benjamin Coutu; Xinchen Hui; Nikita Popov; PHP Internals

Re: [PHP-DEV] Exploit fully packed array/hash property

Morning Dmitry, That's what I thought it would look like, that's fine for 7.1 imo. Cheers Joe On Wed, Oct 19, 2016 at 1:53 PM, Dmitry Stogov wrote: > The main API/BC changes implementation: https://gist.github.com/dstogov/ > 429fcc2ba051fdcf774a310c5d6db00d > > > All

Re: [PHP-DEV] Exploit fully packed array/hash property

Hi again, Andrea Faulds wrote: Second, do you know if any other PHP functions do a similar check to JSON's php_json_determine_array_type for whether an array is free of string keys and consecutively indexed? I wonder if that could be abtracted into a zend_hash.c function. It seems Dmitry was

Re: [PHP-DEV] Exploit fully packed array/hash property

Hi Dmitry, Dmitry Stogov wrote: The main API/BC changes implementation: https://gist.github.com/dstogov/429fcc2ba051fdcf774a310c5d6db00d All tests passed. Performance is not affected (+1 CPU instruction on each *new* element insertion) If it's OK and allowed, after committing this, I'll add

Re: [PHP-DEV] Exploit fully packed array/hash property

Hi Benjamin, These are interesting optimisations. I definitely see the usefulness of detecting packed arrays and short-circuiting: I've done that in my patch to fix object/array casting, in order to avoid wasting time checking for the existence of non-string keys, even if (object)[1, 2, 3] is

Re: [PHP-DEV] PHP-7.1.0RC4

Thanks! On 19.10.16 12:48, Joe Watkins wrote: Morning internals, QA folks, I would like to announce the availability of PHP-7.1.0RC4. Downloads: http://downloads.php.net/~krakjoe/ php-7.1.0RC4.tar.bz2 SHA256 hash: ed2ef6dec04d1f8745b6212c55684cfd1350fad28db4c659ff99e9c6d16d3f36 PGP

[PHP-DEV] Re: header() removes all header of the same name.

Hi Yasuo, I don't think we should do anything about this beyond maybe warning the user in the manual. header() is a generic function for setting headers, it would be surprising if it had different behaviour for cookies or session cookies. It is possible that use of this function in this way

Re: [PHP-DEV] Performance drops after some time, PHP7-FPM + Docker

Hello Rasmus, Thank you for the insight. I ran exactly what you said, on the very same php-fpm process, once just after restarting it almost 2 days ago, so having fast response time, and one just right now after the "slow down" issue triggered during the night. The output of the perf diff is

Re: [PHP-DEV] Exploit fully packed array/hash property

The main API/BC changes implementation: https://gist.github.com/dstogov/429fcc2ba051fdcf774a310c5d6db00d All tests passed. Performance is not affected (+1 CPU instruction on each *new* element insertion) If it's OK and allowed, after committing this, I'll add few usages of these new defines

[PHP-DEV] Re: Constants for better double edge case handling

Hi Anatol, Anatol Belski wrote: Producing INF. There's currently no explicit way to produce INF and NAN, whereby NAN is gettable with sqrt(-1). echo PHP_DBL_MAX*PHP_DBL_MAX, " ", -PHP_DBL_MAX*PHP_DBL_MAX; INF -INF I'm not sure I understand this use-case. We already have the INF and NAN

Re: [PHP-DEV] Re: Fixing insane session_start() behaviors

Hi Stas, On Wed, Oct 19, 2016 at 8:57 PM, Yasuo Ohgaki wrote: > Only valid use case is > > ob_start(); > session_start(); > session_set_cache_limiter('public'); // <== Call this between > session_start() and session_regenerate_id() > session_regenerate_id(); > ?> > > Other

Re: [PHP-DEV] Re: Fixing insane session_start() behaviors

Hi Davey, On Wed, Oct 19, 2016 at 6:06 PM, Davey Shafik wrote: > Yasuo, assuming "partial fix" doesn't mean "broken fix" but instead "it > doesn't do everything I planned" then I do not want this in 7.1. As others > have pointed out, it's not a small change and sessions are a

Re: [PHP-DEV] Re: Fixing insane session_start() behaviors

Hi Stas, On Wed, Oct 19, 2016 at 3:08 PM, Stanislav Malyshev wrote: >> I pushed patch fixes number of nonsense/inconsistent session function >> behaviors. The additional patch is pushed so that it's easy to cherry >> pick minimum fixes. The last push is the additional fixes.

RE: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

Hi Yasuo, > -Original Message- > From: Yasuo Ohgaki [mailto:yohg...@ohgaki.net] > Sent: Wednesday, October 19, 2016 2:35 AM > To: Anatol Belski > Cc: Joe Watkins ; Niklas Keller ; > Leigh ; PHP Internals

Re: [PHP-DEV] Exploit fully packed array/hash property

Hi Benjamin, I think this is great idea! Let me check that can we get from this, and if we may add this into PHP-7.1 (it may be to late). Thanks. Dmitry. From: Benjamin Coutu Sent: Wednesday, October 19, 2016 1:45:00 PM To: Xinchen Hui;

Re: [PHP-DEV] PHP-7.1.0RC4

Thanks Joe! - Davey On Wed, Oct 19, 2016 at 3:48 AM, Joe Watkins wrote: > Morning internals, QA folks, > > I would like to announce the availability of PHP-7.1.0RC4. > > Downloads: http://downloads.php.net/~krakjoe/ > > php-7.1.0RC4.tar.bz2 > SHA256 hash: >

[PHP-DEV] PHP-7.1.0RC4

Morning internals, QA folks, I would like to announce the availability of PHP-7.1.0RC4. Downloads: http://downloads.php.net/~krakjoe/ php-7.1.0RC4.tar.bz2 SHA256 hash: ed2ef6dec04d1f8745b6212c55684cfd1350fad28db4c659ff99e9c6d16d3f36 PGP signature: -BEGIN PGP SIGNATURE- Version: GnuPG v1

[PHP-DEV] Exploit fully packed array/hash property

Hello everyone, I've identified a few more array/hash use cases where it might make sense to introduce special short circuit logic for packed arrays. Specifically, there is an additional property of certain packed arrays (apart from being packed obviously) that we can utilize: A packed array

Re: [PHP-DEV] Re: Fixing insane session_start() behaviors

On Tue, Oct 18, 2016 at 11:08 PM, Stanislav Malyshev wrote: > Hi! > > > I pushed patch fixes number of nonsense/inconsistent session function > > behaviors. The additional patch is pushed so that it's easy to cherry > > pick minimum fixes. The last push is the additional

Re: [PHP-DEV] [RFC] OpenSSL BigNum support

On Wed, Oct 19, 2016 at 1:48 AM, Daniel Morris wrote: > On Tue, 18 Oct 2016, at 09:22 AM, Nikita Popov wrote: > > On Tue, Oct 18, 2016 at 3:35 AM, Sara Golemon wrote: > > > > > As it says on the tin: Wrap the BN (BigNumber) library in OpenSSL. > > Why

Re: [PHP-DEV] Re: Fixing insane session_start() behaviors

Hi! > I pushed patch fixes number of nonsense/inconsistent session function > behaviors. The additional patch is pushed so that it's easy to cherry > pick minimum fixes. The last push is the additional fixes. These changes look like a reasonable cleanup. I'm not a big fan of

Re: [PHP-DEV] Re: header() removes all header of the same name.

Hi all, On Wed, Oct 19, 2016 at 1:34 PM, Yasuo Ohgaki wrote: > > On Wed, Oct 19, 2016 at 12:18 PM, Stephen Reay > wrote: >> I still have an issue with that. I believe the correct behaviour here is >> (assuming the `replace` argument to header() is