Re: [PHP-DEV] [RFC] [VOTE] is_literal

2021-07-15 Thread Craig Francis
Just another day, and another injection vulnerability (please patch):

https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/

If only escaping wasn't being used, so user values did not get included in
certain strings :-)

diff -r
woocommerce.5.5.0/includes/data-stores/class-wc-webhook-data-store.php
woocommerce.5.5.1/includes/data-stores/class-wc-webhook-data-store.php
280c280
< $search  = ! empty( $args['search'] ) ? "AND `name` LIKE '%" .
$wpdb->esc_like( sanitize_text_field( $args['search'] ) ) . "%'" : '';
---
> $search  = ! empty( $args['search'] ) ? $wpdb->prepare( "AND
`name` LIKE %s", '%' . $wpdb->esc_like( sanitize_text_field(
$args['search'] ) ) . '%' ) : '';
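
Review bot: the replacement line at 280 has no comment explaining why `$wpdb->prepare()` is needed on top of `$wpdb->esc_like()`, and the removed line shows how easily that is missed. `esc_like()` only escapes the LIKE wildcard characters, so in the old line the value was concatenated between the quotes of the SQL string without being escaped for SQL. Suggest a one-line comment above the assignment saying that `esc_like()` covers wildcards only and that the value must reach the query through the `%s` placeholder. The ternary is also long enough that an `if` block would make the bound argument, `'%' . $wpdb->esc_like( ... ) . '%'`, easier to audit.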


The vote for the is_literal RFC ends on Monday the 19th of July, 7:30pm UK
time and 6:30pm UTC, and needs your support.

https://wiki.php.net/rfc/is_literal


[PHP-DEV] PHP 7.4.22RC1 is available for testing

2021-07-15 Thread Derick Rethans
PHP 7.4.22RC1 has just been released and can be downloaded from:



Or use the git tag: php-7.4.22RC1

Windows binaries are available at: 

Please test it carefully, and report any bugs in the bug system at
.

Hash values and PGP signatures can be found below or at
https://gist.github.com/80d0a3e00eb0f86cd93625f2cdf2834b.

7.4.22 should be expected in 2 weeks, i.e. on July 29th, 2021.

Thank you, and happy testing!

Regards,
Derick Rethans


php-7.4.22RC1.tar.gz
SHA256 hash: 163db0b6672f0a244546c6834858c42188bb479b0b14fbe7fa4b0950f0bba46b

php-7.4.22RC1.tar.bz2
SHA256 hash: fd62e1ce36cfc69c0876d3eb73b187c1d142cc6306f4024debcff00aac7deaa1

php-7.4.22RC1.tar.xz
SHA256 hash: 1540bf4629c9da3a40b92e46915019792bb798dc45b77efbd473967ad08c38a1


-- 
PHP 7.4 Release Manager
Host of PHP Internals News: https://phpinternals.news
Like Xdebug? Consider supporting me: https://xdebug.org/support
https://derickrethans.nl | https://xdebug.org | https://dram.io
twitter: @derickr and @xdebug

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php



[PHP-DEV] Re: [VOTE] Readonly properties

2021-07-15 Thread Nikita Popov
On Thu, Jul 1, 2021 at 12:22 PM Nikita Popov wrote:

> Hi internals,
>
> I have opened voting on https://wiki.php.net/rfc/readonly_properties_v2.
> The vote closes 2021-07-15.
>

Readonly properties have been accepted with 38 votes in favor and 11
against.

Regards,
Nikita