Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-20 Thread Yasuo Ohgaki
Hi Anatol, On Wed, Oct 19, 2016 at 8:20 PM, Anatol Belski wrote: >> I won't have time to write RFC for this, probably. I have many other things >> that I >> would like to improve, like session error status handling improvement that I >> recently proposed. >> > I see. It's

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Stas, I posted an idea for preventing accidental cookie deletion. 'Set-Cookie' is an HTTP header, but provide dedicated functions for it. I pasted it with a little modification. What do you think? Bottom line is I would like to prevent lost session ID by header() in the future. Implement

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Niklas Keller
2016-10-20 11:57 GMT+02:00 Yasuo Ohgaki : > Hi Niklas, > > On Thu, Oct 20, 2016 at 6:01 PM, Niklas Keller wrote: > > > > same here, it's not acceptable to limit header and restrict `set_cookie`. > > Just think about all those frameworks that would have to

[PHP-DEV] Re: [PHP-CVS] com php-src: This is a very very old thing dated back to year 2009. MYSQL_OPT_READ_TIMEOUT was never a macro in mysqlnd but an enum value. So this never actually worked correct

2016-10-20 Thread Matteo Beccati
Hi, I have fixed the test for now, but I believe a mention to the new constant should be added to NEWS and UPGRADING in master. Cheers On 18/10/2016 10:59, Matteo Beccati wrote: > Hi Andrey, > > you're probably aware of it by now, but in any case, this commit (or > others related) seems to

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Stephen Reay
Hi Niklas, There is even a userland hook for the specific functionality you mention: header_register_callback(). But I would argue that no fix is necessary. If you as a developer call session_start(), and then later call header(‘Set-Cookie:…’) with replace left as true, I think it’s safe to

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Stephen, On Thu, Oct 20, 2016 at 8:24 PM, Stephen Reay wrote: > The *only* solution that retains full control for the developer, is no > change. Any “magic” about “untouchable” cookie headers (e.g. forcing the > session cookie header after userland cookie headers)

Re: [PHP-DEV] [RFC] Driver-Specific PDO Param Types

2016-10-20 Thread Matteo Beccati
Hi Adam, On 19/10/2016 00:05, Adam Baratz wrote: > I've created an RFC to change how types are defined in PDO: > https://wiki.php.net/rfc/driver-specific-pdo-param-types > > Please share your feedback. I'm happy to hear thoughts about the pdo_dblib > example, but the RFC is more about the

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Niklas, On Thu, Oct 20, 2016 at 6:01 PM, Niklas Keller wrote: > > same here, it's not acceptable to limit header and restrict `set_cookie`. > Just think about all those frameworks that would have to special-case setting > headers now and have to use the cookie API then. > >

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-20 Thread Pierre Joye
On Thu, Oct 20, 2016 at 4:44 PM, Yasuo Ohgaki wrote: > Application requires unique ID under across multi process/thread > tasks, it will have more chance to have collided unique ID. uniqid fill(s|ed) some needs or maybe still fits for some. However for modern application

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Niklas, On Thu, Oct 20, 2016 at 7:39 PM, Niklas Keller wrote: > 2016-10-20 11:57 GMT+02:00 Yasuo Ohgaki : >> >> Hi Niklas, >> >> On Thu, Oct 20, 2016 at 6:01 PM, Niklas Keller wrote: >> > >> > same here, it's not acceptable to limit

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Stephen, On Thu, Oct 20, 2016 at 5:23 PM, Stephen Reay wrote: > Please understand: *no* “solution" where header() loses the ability to write > any arbitrary header will be acceptable in my opinion. Thank you for feedback. I'll include vote option for prohibiting

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-20 Thread Yasuo Ohgaki
Hi Kalle, On Thu, Oct 20, 2016 at 5:17 PM, Kalle Sommer Nielsen wrote: > 2016-10-20 9:18 GMT+02:00 Yasuo Ohgaki : >> "Do not make assumption for uniqid() output format, entropy >> especially. uniqid() output format may be changed to provide >> reasonably unique

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Stephen Reay
Hi All, Just to make my earlier point of view crystal clear: As a purely userland party and someone maintaining a PHP framework, I don’t think it’s acceptable to limit which headers header()/header_remove() can operate on, particularly when the problem you’re trying to ‘solve’ is simply

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Stephen, On Thu, Oct 20, 2016 at 4:48 PM, Stephen Reay wrote: > > Just to make my earlier point of view crystal clear: As a purely userland > party and someone maintaining a PHP framework, I don’t think it’s acceptable > to limit which headers header()/header_remove()

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Stephen Reay
Hi Yasuo, > On 20 Oct 2016, at 15:10, Yasuo Ohgaki wrote: > > Hi Stephen, > > On Thu, Oct 20, 2016 at 4:48 PM, Stephen Reay wrote: >> >> Just to make my earlier point of view crystal clear: As a purely userland >> party and someone maintaining a

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Niklas Keller
2016-10-20 10:28 GMT+02:00 Yasuo Ohgaki : > Hi Stephen, > > On Thu, Oct 20, 2016 at 5:23 PM, Stephen Reay > wrote: > > Please understand: *no* “solution" where header() loses the ability to > write any arbitrary header will be acceptable in my

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-20 Thread Yasuo Ohgaki
Hi Kalle, I forgot to mention one more thing. On Thu, Oct 20, 2016 at 6:28 PM, Yasuo Ohgaki wrote: > Warnings are based on following facts. > > uniqid(); // without entropy > > usleep(1) is called to get unique timestamp, but NTP can disturb and > uniqid() can result in the

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Improve uniqid() uniqueness

2016-10-20 Thread Kalle Sommer Nielsen
Hi Yasuo 2016-10-20 9:18 GMT+02:00 Yasuo Ohgaki : > "Do not make assumption for uniqid() output format, entropy > especially. uniqid() output format may be changed to provide > reasonably unique ID in future versions." Sounds reasonable to me; although I would phrase it a

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Christoph M. Becker
On 20.10.2016 at 14:15, Stephen Reay wrote: > As with Niklas, I have no vote, so my *only* option to prevent what I > consider to be a bad decision, is to post to this thread and hope that enough > of those who *do* have voting rights, reject the proposal. > > I understand what you’re

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Niklas Keller
2016-10-20 13:41 GMT+02:00 Yasuo Ohgaki : > Hi Stephen, > > On Thu, Oct 20, 2016 at 8:24 PM, Stephen Reay > wrote: > > The *only* solution that retains full control for the developer, is no > > change. Any “magic” about “untouchable” cookie headers

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Stephen, On Thu, Oct 20, 2016 at 9:15 PM, Stephen Reay wrote: > As with Niklas, I have no vote, so my *only* option to prevent what I > consider to be a bad decision, is to post to this thread and hope that enough > of those who *do* have voting rights, reject the

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Stephen Reay
Hi Yasuo, > On 20 Oct 2016, at 19:21, Yasuo Ohgaki wrote: > > Hi Stephen, > > On Thu, Oct 20, 2016 at 9:15 PM, Stephen Reay > wrote: >> As with Niklas, I have no vote, so my *only* option to prevent what I >> consider to be a bad decision, is to

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Stephen, On Thu, Oct 20, 2016 at 9:41 PM, Stephen Reay wrote: >> I don't want to get bug report that session lost or some important >> cookie lost somehow. > > Why is your concern so focussed on solving problems for inexperienced > developers, who are effectively

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Stas, On Fri, Oct 21, 2016 at 5:54 AM, Stanislav Malyshev wrote: > >> The idea is to separate HTTP header handling functions. >> >> - header*() for any HTTP headers except 'Set-Cookie' >> - cookie*() for only 'Set-Cookie' header > > This does not look like a good

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Stanislav Malyshev
Hi! > The idea is to separate HTTP header handling functions. > > - header*() for any HTTP headers except 'Set-Cookie' > - cookie*() for only 'Set-Cookie' header This does not look like a good design. First of all, HTTP spec allows multiple instances of any header. Second, making function

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Rick Widmer
On 10/20/2016 4:58 PM, Guy Marriott wrote: FWIW Yasuo, I also think this is a bad idea. If you remove the ability to set cookie _headers_ with the header function then the function needs a more appropriate name - perhaps headerExceptCookie. That makes 5 people opposed - 100% of the individuals

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Guy Marriott
FWIW Yasuo, I also think this is a bad idea. If you remove the ability to set cookie _headers_ with the header function then the function needs a more appropriate name - perhaps headerExceptCookie. That makes 5 people opposed - 100% of the individuals who have responded in this thread. On Fri,

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Niklas and all, On Thu, Oct 20, 2016 at 9:21 PM, Niklas Keller wrote: > Before we even discuss disallowing `header("set-cookie")`, we should have a > sane cookie API, e.g. one that like `setcookie($name, $value, $flags)`. > > That's also the way we implemented it in Aerys >

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
On Fri, Oct 21, 2016 at 9:35 AM, Yasuo Ohgaki wrote: > On Thu, Oct 20, 2016 at 9:21 PM, Niklas Keller wrote: >> Before we even discuss disallowing `header("set-cookie")`, we should have a >> sane cookie API, e.g. one that like `setcookie($name, $value,

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Stephen Reay
Is it normal to alter (or support multiple) function signatures like this, when you want to improve the name *and* improve the signature? Wouldn’t you just leave setcookie() as-is, introduce the new cookie_* functions, and then deprecate setcookie later? (ala mysql => mysqli) As for the

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Yasuo Ohgaki
Hi Niklas, On Thu, Oct 20, 2016 at 9:21 PM, Niklas Keller wrote: > 2016-10-20 13:41 GMT+02:00 Yasuo Ohgaki : >> >> Hi Stephen, >> >> On Thu, Oct 20, 2016 at 8:24 PM, Stephen Reay >> wrote: >> > The *only* solution that retains full

[PHP-DEV] BAD Benchmark Results for PHP Master 2016-10-20

2016-10-20 Thread lp_benchmark_robot
Results for project PHP master, build date 2016-10-20 06:26:14+03:00 commit: 03cd0f6 previous commit:0ffd0a0 revision date: 2016-10-20 01:17:55+03:00 environment:Haswell-EP cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2, LLC 45 MB

Re: [PHP-DEV] header() removes all header of the same name.

2016-10-20 Thread Stephen Reay
Hi Yasuo, As with Niklas, I have no vote, so my *only* option to prevent what I consider to be a bad decision, is to post to this thread and hope that enough of those who *do* have voting rights, reject the proposal. I understand what you’re proposing. But honestly I don’t even agree with the

[PHP-DEV] Re: [PHP-CVS] com php-src: This is a very very old thing dated back to year 2009. MYSQL_OPT_READ_TIMEOUT was never a macro in mysqlnd but an enum value. So this never actually worked correctly

2016-10-20 Thread Christoph M. Becker
On 20.10.2016 at 12:57, Matteo Beccati wrote: > I have fixed the test for now, Thanks! > but I believe a mention to the new > constant should be added to NEWS and UPGRADING in master. In my opinion it is not necessary to add that to NEWS, but it's quite important to add the info to UPGRADING,