[PHP-DEV] Disable session save handler abuses

2016-11-09 Thread Yasuo Ohgaki
Hi all, This PR disables recursive session save handler function calls (any multiple/invalid session save handler function calls) https://github.com/php/php-src/pull/2196 This patch disables many kinds of save handler function abuses and user script bugs. We have/had many bugs related to this

Re: [PHP-DEV] Security issue handling

2016-11-09 Thread Kalle Sommer Nielsen
2016-11-10 0:43 GMT+01:00 Anatol Belski : > At this point, what were our course of action? Seems there might be multiple > tasks > > - granting the willing devs security karma > - setting up a private CI > - organizing a security team > > It probably would make sense, to

[PHP-DEV] Re: Encouraging maintaining the language spec

2016-11-09 Thread Andrea Faulds
Hi, I decided to “be bold” and do this. The RFC template and howto pages now mention having a language specification patch. It's probably a bit weak, though. Perhaps I should've added a new section to the template for it. Anyway, I hope this improves the situation. :) -- Andrea Faulds

RE: [PHP-DEV] bug classification discussion

2016-11-09 Thread Anatol Belski
Hi, > -Original Message- > From: jakub@gmail.com [mailto:jakub@gmail.com] On Behalf Of Jakub > Zelenka > Sent: Wednesday, November 2, 2016 8:36 PM > To: Stanislav Malyshev > Cc: PHP Internals ; Remi Collet > >

RE: [PHP-DEV] Security issue handling

2016-11-09 Thread Anatol Belski
Hi, > -Original Message- > From: Stanislav Malyshev [mailto:smalys...@gmail.com] > Sent: Saturday, November 5, 2016 8:13 PM > To: Matteo Beccati ; PHP Internals > > Subject: Re: [PHP-DEV] Security issue handling > > Hi! > > > On 24/10/2016

Re: [PHP-DEV] Encouraging maintaining the language spec

2016-11-09 Thread Kalle Sommer Nielsen
Hi Andrea 2016-11-09 22:43 GMT+01:00 Andrea Faulds : > Hi everyone, > > If I edited the RFC template to mention having a language specification > patch, would anyone object? +1, I was thinking about something similar the other day while looking over bug reports for the langspec. --

Re: [PHP-DEV] [RFC] Interval Comparison

2016-11-09 Thread Andrea Faulds
Hi, Fleshgrinder wrote: That change would actually be brutally easy since we only need to change the `%nonassoc` to `%left` and we are done. Not quite. We'd still need to parse and compile these expressions correctly. If we just add associativity, then we end up with Java's behaviour. --

[PHP-DEV] Encouraging maintaining the language spec

2016-11-09 Thread Andrea Faulds
Hi everyone, If I edited the RFC template to mention having a language specification patch, would anyone object? Thanks! -- Andrea Faulds https://ajf.me/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] [RFC][VOTE] Object typehint

2016-11-09 Thread Christoph M. Becker
On 09.11.2016 at 17:28, Joe Watkins wrote: > I want to explain why I voted no on this: > > I think it's significantly less useful without variance, variance is > something that is usually difficult to achieve in PHP, but not for this > feature in particular. Can you please elaborate

Re: [PHP-DEV] [RFC][VOTE] Object typehint

2016-11-09 Thread Christoph M. Becker
On 09.11.2016 at 21:53, Christoph M. Becker wrote: > On 09.11.2016 at 17:28, Joe Watkins wrote: > >> I want to explain why I voted no on this: >> >> I think it's significantly less useful without variance, variance is >> something that is usually difficult to achieve in PHP, but not for

[PHP-DEV] Hello my friend, the taste of a real friendship

2016-11-09 Thread Benyamin Hesabi
I do not know whether you have ever been friends with anyone or not, but it is natural that everyone connects with many people over the course of their life; whether this connection is strong and intimate, or weak and limited to a hello and a how-are-you. It is interesting, and perhaps also hard to believe, but it is true, and it is this: that there is no one who greets the martyrs

Re: [PHP-DEV] [RFC] Interval Comparison

2016-11-09 Thread Fleshgrinder
On 11/8/2016 10:57 PM, David Walker wrote: > I don't think that alone allows the chaining of comparisons. I'd have to > look closer, but it'd seem to me that zend_ast_create_binary_op > (ZEND_AST_BINARY_OP) evaluation might need to be amended as well. Seems it > eventually calls a

Re: [PHP-DEV] [RFC][VOTE] Object typehint

2016-11-09 Thread Michał Brzuchalski
Hi Joe, If that's gonna improve feature I'll be happy to patch and then restart voting. I hope it's gonna satisfy more voters :) I'll put RFC: On hold, then apply patch, draft some info in RFC and then set up new voting. Cheers, 2016-11-09 17:28 GMT+01:00 Joe Watkins :

Re: [PHP-DEV] Re: PHP 5.6 static access valgrind issue

2016-11-09 Thread Derick Rethans
On Wed, 9 Nov 2016, Nikita Popov wrote: > On Wed, Nov 9, 2016 at 4:09 PM, Derick Rethans wrote: > > > On Wed, 9 Nov 2016, Christoph M. Becker wrote: > > > > > On 09.11.2016 at 15:21, Derick Rethans wrote: > > > > > > > > > > And running it with "valgrind php -n index.php",

Re: [PHP-DEV] [RFC][VOTE] Object typehint

2016-11-09 Thread Joe Watkins
Morning Internals, I want to explain why I voted no on this: I think it's significantly less useful without variance, variance is something that is usually difficult to achieve in PHP, but not for this feature in particular. I absolutely want it, but I want it to be properly useful.

Re: [PHP-DEV] Re: PHP 5.6 static access valgrind issue

2016-11-09 Thread Nikita Popov
On Wed, Nov 9, 2016 at 4:09 PM, Derick Rethans wrote: > On Wed, 9 Nov 2016, Christoph M. Becker wrote: > > > On 09.11.2016 at 15:21, Derick Rethans wrote: > > > > > > And running it with "valgrind php -n index.php", produces: > > > > > >

Re: [PHP-DEV] PHP-7.1.0RC6

2016-11-09 Thread Jan Ehrhardt
Stephen Zarkos in php.internals (Wed, 9 Nov 2016 14:44:17 +): >FYI - the Windows builds for 7.1.0RC6 are uploaded. This confirms what I already noticed myself. There has been a change in the Windows build process: the *.pdb files of the dependencies are added to the debug pack now. I do not

[PHP-DEV] NEUTRAL Benchmark Results for PHP Master 2016-11-09

2016-11-09 Thread lp_benchmark_robot
Results for project PHP master, build date 2016-11-09 06:26:03+02:00 commit: 328ebff previous commit: 47d044b revision date: 2016-11-09 02:19:23+01:00 environment: Haswell-EP cpu: Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2, LLC 45 MB

Re: [PHP-DEV] Re: PHP 5.6 static access valgrind issue

2016-11-09 Thread Derick Rethans
On Wed, 9 Nov 2016, Christoph M. Becker wrote: > On 09.11.2016 at 15:21, Derick Rethans wrote: > > And running it with "valgrind php -n index.php", produces: > > > > root@debian-8-64bit:/home/derick/xdebug-issue-1185# valgrind php -n > > index.php > > ==760== Memcheck, a memory error

[PHP-DEV] Re: PHP 5.6 static access valgrind issue

2016-11-09 Thread Christoph M. Becker
Hi Derick! On 09.11.2016 at 15:21, Derick Rethans wrote: > Hi! > > Through https://bugs.xdebug.org/view.php?id=1185 I ran into a bug in PHP > proper. Apparently, this script: > > > class A { > static private $a; > > static public function init() { >

RE: [PHP-DEV] PHP-7.1.0RC6

2016-11-09 Thread Stephen Zarkos
Hi, FYI - the Windows builds for 7.1.0RC6 are uploaded. Thanks! Steve From: Joe Watkins [mailto:pthre...@pthreads.org] Sent: Wednesday, November 9, 2016 7:41 AM To: Anatol Belski Cc: Davey Shafik ; Stephen Zarkos ; Remi

[PHP-DEV] PHP 5.6 static access valgrind issue

2016-11-09 Thread Derick Rethans
Hi! Through https://bugs.xdebug.org/view.php?id=1185 I ran into a bug in PHP proper. Apparently, this script: https://derickrethans.nl | https://xdebug.org | https://dram.io Like Xdebug? Consider a donation: https://xdebug.org/donate.php twitter: @derickr and @xdebug

Re: [PHP-DEV] PHP-7.1.0RC6

2016-11-09 Thread Joe Watkins
Morning Anatol, Damn it ... will fix in the dev branch. Cheers Joe On Wed, Nov 9, 2016 at 10:27 AM, Anatol Belski wrote: > Hi Joe, > > > -Original Message- > > From: Joe Watkins [mailto:pthre...@pthreads.org] > > Sent: Wednesday, November 9, 2016 4:42 AM > >

RE: [PHP-DEV] PHP-7.1.0RC6

2016-11-09 Thread Anatol Belski
Hi Joe, > -Original Message- > From: Joe Watkins [mailto:pthre...@pthreads.org] > Sent: Wednesday, November 9, 2016 4:42 AM > To: Davey Shafik ; Anatol Belski ; > Stephen Zarkos ; Remi Collet > ; Julien