Hi!
> There is 2 issues.
> - header() removes all headers of the same name including 'Set-Cookie'
> - header() ignores replace flag. (This one is easy to fix)
We have the flag, so if it doesn't work it should be fixed. Also, one
should use setcookie() for cookies, usually.
> Possible
I've committed the safe part of the patch (almost your original idea).
http://git.php.net/?p=php-src.git;a=commitdiff;h=9ded1b4edbb140520e060de597267b3cb439f4c4
The part related to HASH_FLAG_LONG_KEYS/HASH_FLAG_STRING_KEYS is here
Hi Dmitry,
On second thought, I might have dismissed your HASH_FLAG_*_KEYS idea
prematurely.
Of course we will have to set/unset the flag in parts of the code that are very
hot and naturally that will lead to a regression in terms of CPU instructions.
But in regards to your idea of possibly
On Wed, 5 Oct 2016 at 20:11 Derick Rethans wrote:
> It should be migrated properly, and also to GIT.
>
Hi Ferenc,
Can you create a php.net hosted git repository for this (I guess under the
pecl/security namespace), and grant karma to le...@php.net for it.
Sorry for picking on
Results for project PHP master, build date 2016-10-19 06:25:32+03:00
commit: 0ffd0a0
previous commit:0a67b29
revision date: 2016-10-19 01:14:15+02:00
environment:Haswell-EP
cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores,
stepping 2, LLC 45 MB
On 18/10/16 23:05, Adam Baratz wrote:
> Please share your feedback. I'm happy to hear thoughts about the pdo_dblib
> example, but the RFC is more about the possibility of driver-specific types
> than these particular ones.
The whole point of PDO was that anything that was not available across
ALL
This is an option.
If nobody propose a better solution, I'll prepare the patch tomorrow (this
solution won't make BC breaks at all).
BTW: I think, HASH_FLAG_*_KEYS may be used to eliminate redundant checks on
every loop iteration in some functions.
Thanks. Dmitry.
I've updated the patch with few use cases
https://gist.github.com/dstogov/429fcc2ba051fdcf774a310c5d6db00d
The patch doesn't show any visible speed difference, but in term of "CPU
instructions" (measured by callgrind) it makes 0.3% regression on 100 requests
to Wordpress home page.
This is
>
> The output of the perf diff is quite poor I think, here's the mainline :
> 35.90% +44.94% php-fpm [.] 0x00042412
> 10.72% -6.05% libc-2.19.so[.] 0x00079030
> 9.71% -9.34% newrelic.so [.] 0x00030980
> 3.81% -3.47%
On 17 October 2016 at 21:57, Nikita Popov wrote:
> > I'm not sure I understand the motivation for throwing a deprecation
> notice
> > instead of a warning. In particular, what is the action that will be
> taken
> > here in the next major version?
>
On 18 October 2016 at
Hi,
Anatol Belski wrote:
Anatol Belski wrote:
Producing INF. There's currently no explicit way to produce INF and
NAN, whereby NAN is gettable with sqrt(-1).
echo PHP_DBL_MAX*PHP_DBL_MAX, " ", -PHP_DBL_MAX*PHP_DBL_MAX; INF
-INF
I'm not sure I understand this use-case. We already have the
Hi Andrea,
> -Original Message-
> From: Andrea Faulds [mailto:a...@ajf.me]
> Sent: Wednesday, October 19, 2016 2:49 PM
> To: internals@lists.php.net
> Subject: [PHP-DEV] Re: Constants for better double edge case handling
>
> Hi Anatol,
>
> Anatol Belski wrote:
> > Producing INF. There's
I may add comments for HT_IS_FULLY_PACKED() or may be use a better name
HT_IS_WITHOUT_HOLES()
From: Andrea Faulds
Sent: Wednesday, October 19, 2016 4:25:31 PM
To: internals@lists.php.net
Subject: Re: [PHP-DEV] Exploit fully packed array/hash
Hi Sara,
Sara Golemon wrote:
As it says on the tin: Wrap the BN (BigNumber) library in OpenSSL.
https://wiki.php.net/rfc/openssl.bignum
If I'm reading the patch correctly, do all the methods accepting BigNums
also accept PHP integers and strings, including hexadecimal strings?
Also, what
Thanks Joe. I'll add few optimization and make additional testing, then commit
in two peaces.
From: Joe Watkins
Sent: Wednesday, October 19, 2016 4:35:36 PM
To: Dmitry Stogov
Cc: Benjamin Coutu; Xinchen Hui; Nikita Popov; PHP Internals
Morning Dmitry,
That's what I thought it would look like, that's fine for 7.1 imo.
Cheers
Joe
On Wed, Oct 19, 2016 at 1:53 PM, Dmitry Stogov wrote:
> The main API/BC changes implementation: https://gist.github.com/dstogov/
> 429fcc2ba051fdcf774a310c5d6db00d
>
>
> All
Hi again,
Andrea Faulds wrote:
Second, do you know if any other PHP functions
do a similar check to JSON's php_json_determine_array_type for whether
an array is free of string keys and consecutively indexed? I wonder if
that could be abtracted into a zend_hash.c function.
It seems Dmitry was
Hi Dmitry,
Dmitry Stogov wrote:
The main API/BC changes implementation:
https://gist.github.com/dstogov/429fcc2ba051fdcf774a310c5d6db00d
All tests passed. Performance is not affected (+1 CPU instruction on each *new*
element insertion)
If it's OK and allowed, after committing this, I'll add
Hi Benjamin,
These are interesting optimisations. I definitely see the usefulness of
detecting packed arrays and short-circuiting: I've done that in my patch
to fix object/array casting, in order to avoid wasting time checking for
the existence of non-string keys, even if (object)[1, 2, 3] is
Thanks!
On 19.10.16 12:48, Joe Watkins wrote:
Morning internals, QA folks,
I would like to announce the availability of PHP-7.1.0RC4.
Downloads: http://downloads.php.net/~krakjoe/
php-7.1.0RC4.tar.bz2
SHA256 hash:
ed2ef6dec04d1f8745b6212c55684cfd1350fad28db4c659ff99e9c6d16d3f36
PGP
Hi Yasuo,
I don't think we should do anything about this beyond maybe warning the
user in the manual. header() is a generic function for setting headers,
it would be surprising if it had different behaviour for cookies or
session cookies. It is possible that use of this function in this way
Hello Rasmus,
Thank you for the insight. I ran exactly what you said, on the very
same php-fpm process, once just after restarting it almost 2 days ago,
so having fast response time, and one just right now after the "slow
down" issue triggered during the night.
The output of the perf diff is
The main API/BC changes implementation:
https://gist.github.com/dstogov/429fcc2ba051fdcf774a310c5d6db00d
All tests passed. Performance is not affected (+1 CPU instruction on each *new*
element insertion)
If it's OK and allowed, after committing this, I'll add few usages of these new
defines
Hi Anatol,
Anatol Belski wrote:
Producing INF. There's currently no explicit way to produce INF and NAN,
whereby NAN is gettable with sqrt(-1).
echo PHP_DBL_MAX*PHP_DBL_MAX, " ", -PHP_DBL_MAX*PHP_DBL_MAX;
INF -INF
I'm not sure I understand this use-case. We already have the INF and NAN
Hi Stas,
On Wed, Oct 19, 2016 at 8:57 PM, Yasuo Ohgaki wrote:
> Only valid use case is
>
> ob_start();
> session_start();
> session_set_cache_limiter('public'); // <== Call this between
> session_start() and session_regenerate_id()
> session_regenerate_id();
> ?>
>
> Other
Hi Davey,
On Wed, Oct 19, 2016 at 6:06 PM, Davey Shafik wrote:
> Yasuo, assuming "partial fix" doesn't mean "broken fix" but instead "it
> doesn't do everything I planned" then I do not want this in 7.1. As others
> have pointed out, it's not a small change and sessions are a
Hi Stas,
On Wed, Oct 19, 2016 at 3:08 PM, Stanislav Malyshev wrote:
>> I pushed patch fixes number of nonsense/inconsistent session function
>> behaviors. The additional patch is pushed so that it's easy to cherry
>> pick minimum fixes. The last push is the additional fixes.
Hi Yasuo,
> -Original Message-
> From: Yasuo Ohgaki [mailto:yohg...@ohgaki.net]
> Sent: Wednesday, October 19, 2016 2:35 AM
> To: Anatol Belski
> Cc: Joe Watkins ; Niklas Keller ;
> Leigh ; PHP Internals
Hi Benjamin,
I think this is great idea!
Let me check that can we get from this, and if we may add this into PHP-7.1 (it
may be to late).
Thanks. Dmitry.
From: Benjamin Coutu
Sent: Wednesday, October 19, 2016 1:45:00 PM
To: Xinchen Hui;
Thanks Joe!
- Davey
On Wed, Oct 19, 2016 at 3:48 AM, Joe Watkins wrote:
> Morning internals, QA folks,
>
> I would like to announce the availability of PHP-7.1.0RC4.
>
> Downloads: http://downloads.php.net/~krakjoe/
>
> php-7.1.0RC4.tar.bz2
> SHA256 hash:
>
Morning internals, QA folks,
I would like to announce the availability of PHP-7.1.0RC4.
Downloads: http://downloads.php.net/~krakjoe/
php-7.1.0RC4.tar.bz2
SHA256 hash:
ed2ef6dec04d1f8745b6212c55684cfd1350fad28db4c659ff99e9c6d16d3f36
PGP signature:
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Hello everyone,
I've identified a few more array/hash use cases where it might make sense to
introduce special short circuit logic for packed arrays.
Specifically, there is an additional property of certain packed arrays (apart
from being packed obviously) that we can utilize: A packed array
On Tue, Oct 18, 2016 at 11:08 PM, Stanislav Malyshev
wrote:
> Hi!
>
> > I pushed patch fixes number of nonsense/inconsistent session function
> > behaviors. The additional patch is pushed so that it's easy to cherry
> > pick minimum fixes. The last push is the additional
On Wed, Oct 19, 2016 at 1:48 AM, Daniel Morris
wrote:
> On Tue, 18 Oct 2016, at 09:22 AM, Nikita Popov wrote:
> > On Tue, Oct 18, 2016 at 3:35 AM, Sara Golemon wrote:
> >
> > > As it says on the tin: Wrap the BN (BigNumber) library in OpenSSL.
>
> Why
Hi!
> I pushed patch fixes number of nonsense/inconsistent session function
> behaviors. The additional patch is pushed so that it's easy to cherry
> pick minimum fixes. The last push is the additional fixes.
These changes look like a reasonable cleanup. I'm not a big fan of
Hi all,
On Wed, Oct 19, 2016 at 1:34 PM, Yasuo Ohgaki wrote:
>
> On Wed, Oct 19, 2016 at 12:18 PM, Stephen Reay
> wrote:
>> I still have an issue with that. I believe the correct behaviour here is
>> (assuming the `replace` argument to header() is
36 matches
Mail list logo