Hi all,
This PR disables recursive session save handler function calls (any
multiple/invalid session save handler function calls)
https://github.com/php/php-src/pull/2196
This patch disables many kinds of save handler function abuses and
user script bugs. We have/had many bugs related to this
2016-11-10 0:43 GMT+01:00 Anatol Belski :
> At this point, what were our course of action? Seems there might be multiple
> tasks
>
> - granting the willing devs security karma
> - setting up a private CI
> - organizing a security team
>
> It probably would make sense, to
Hi,
I decided to be bold and do this. The RFC template and howto pages now
mention having a language specification patch.
It's probably a bit weak, though. Perhaps I should've added a new
section to the template for it.
Anyway, I hope this improves the situation. :)
--
Andrea Faulds
Hi,
> -Original Message-
> From: jakub@gmail.com [mailto:jakub@gmail.com] On Behalf Of Jakub
> Zelenka
> Sent: Wednesday, November 2, 2016 8:36 PM
> To: Stanislav Malyshev
> Cc: PHP Internals ; Remi Collet
>
>
Hi,
> -Original Message-
> From: Stanislav Malyshev [mailto:smalys...@gmail.com]
> Sent: Saturday, November 5, 2016 8:13 PM
> To: Matteo Beccati ; PHP Internals
>
> Subject: Re: [PHP-DEV] Security issue handling
>
> Hi!
>
> > On 24/10/2016
Hi Andrea
2016-11-09 22:43 GMT+01:00 Andrea Faulds :
> Hi everyone,
>
> If I edited the RFC template to mention having a language specification
> patch, would anyone object?
+1, I was thinking about something similar the other day while looking
over bug reports for the langspec.
--
Hi,
Fleshgrinder wrote:
That change would actually be brutally easy since we only need to change
the `%nonassoc` to `%left` and we are done.
Not quite. We'd still need to parse and compile these expressions
correctly. If we just add associativity, then we end up with Java's
behaviour.
--
Hi everyone,
If I edited the RFC template to mention having a language specification
patch, would anyone object?
Thanks!
--
Andrea Faulds
https://ajf.me/
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
On 09.11.2016 at 17:28, Joe Watkins wrote:
> I want to explain why I voted no on this:
>
> I think it's significantly less useful without variance, variance is
> something that is usually difficult to achieve in PHP, but not for this
> feature in particular.
Can you please elaborate
On 09.11.2016 at 21:53, Christoph M. Becker wrote:
> On 09.11.2016 at 17:28, Joe Watkins wrote:
>
>> I want to explain why I voted no on this:
>>
>> I think it's significantly less useful without variance, variance is
>> something that is usually difficult to achieve in PHP, but not for
نمي دانم تا به حال با کسي رفيق بوده ايد يا نه، اما طبيعي است که هر کسي در طول
زندگي با افراد زيادي ارتباط برقرار مي کند; خواه اين ارتباط قوي و صميمي باشد،
خواه ضعيف و در حد يک سلام و احوال پرسي. جالب است و شايد هم باور کردنش سخت باشد،
اما واقعيت دارد و آن اين که هيچ کسي نيست که به شهداء سلام
On 11/8/2016 10:57 PM, David Walker wrote:
> I don't think that alone allows the chaining of comparisons. I'd have to
> look closer, but it'd seem to me that zend_ast_create_binary_op
> (ZEND_AST_BINARY_OP) evaluation might need to be amended as well. Seems it
> eventually calls a
Hi Joe,
If that's gonna improve feature I'll be happy to patch and then restart
voting.
I hope it's gonna satisfy more voters :)
I'll put RFC: On hold, then apply patch, draft some info in RFC and then
set up new voting.
Cheers,
2016-11-09 17:28 GMT+01:00 Joe Watkins :
On Wed, 9 Nov 2016, Nikita Popov wrote:
> On Wed, Nov 9, 2016 at 4:09 PM, Derick Rethans wrote:
>
> > On Wed, 9 Nov 2016, Christoph M. Becker wrote:
> >
> > > On 09.11.2016 at 15:21, Derick Rethans wrote:
> >
> >
> >
> > > > And running it with "valgrind php -n index.php",
Morning Internals,
I want to explain why I voted no on this:
I think it's significantly less useful without variance, variance is
something that is usually difficult to achieve in PHP, but not for this
feature in particular.
I absolutely want it, but I want it to be properly useful.
On Wed, Nov 9, 2016 at 4:09 PM, Derick Rethans wrote:
> On Wed, 9 Nov 2016, Christoph M. Becker wrote:
>
> > On 09.11.2016 at 15:21, Derick Rethans wrote:
>
>
>
> > > And running it with "valgrind php -n index.php", produces:
> > >
> > >
Stephen Zarkos in php.internals (Wed, 9 Nov 2016 14:44:17 +):
>FYI - the Windows builds for 7.1.0RC6 are uploaded.
This confirms, what I already noticed myself. There has been a change in
the Windows build process: the *.pdb files of the dependencies are added
to the debug pack now. I do not
Results for project PHP master, build date 2016-11-09 06:26:03+02:00
commit: 328ebff
previous commit:47d044b
revision date: 2016-11-09 02:19:23+01:00
environment:Haswell-EP
cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores,
stepping 2, LLC 45 MB
On Wed, 9 Nov 2016, Christoph M. Becker wrote:
> On 09.11.2016 at 15:21, Derick Rethans wrote:
> > And running it with "valgrind php -n index.php", produces:
> >
> > root@debian-8-64bit:/home/derick/xdebug-issue-1185# valgrind php -n
> > index.php
> > ==760== Memcheck, a memory error
Hi Derick!
On 09.11.2016 at 15:21, Derick Rethans wrote:
> Hi!
>
> Through https://bugs.xdebug.org/view.php?id=1185 I ran into a bug in PHP
> proper. Apparently, this script:
>
>
> class A {
> static private $a;
>
> static public function init() {
>
Hi,
FYI - the Windows builds for 7.1.0RC6 are uploaded.
Thanks!
Steve
From: Joe Watkins [mailto:pthre...@pthreads.org]
Sent: Wednesday, November 9, 2016 7:41 AM
To: Anatol Belski
Cc: Davey Shafik ; Stephen Zarkos
; Remi
Hi!
Through https://bugs.xdebug.org/view.php?id=1185 I ran into a bug in PHP
proper. Apparently, this script:
https://derickrethans.nl | https://xdebug.org | https://dram.io
Like Xdebug? Consider a donation: https://xdebug.org/donate.php
twitter: @derickr and @xdebug
--
PHP Internals
Morning Anatol,
Damn it ... will fix in the dev branch.
Cheers
Joe
On Wed, Nov 9, 2016 at 10:27 AM, Anatol Belski
wrote:
> Hi Joe,
>
> > -Original Message-
> > From: Joe Watkins [mailto:pthre...@pthreads.org]
> > Sent: Wednesday, November 9, 2016 4:42 AM
> >
Hi Joe,
> -Original Message-
> From: Joe Watkins [mailto:pthre...@pthreads.org]
> Sent: Wednesday, November 9, 2016 4:42 AM
> To: Davey Shafik ; Anatol Belski ;
> Stephen Zarkos ; Remi Collet
> ; Julien
24 matches
Mail list logo