technically "wrong")? It seems unlikely to get a function
or class name accidentally in a SQL query and even less likely that user
input was involved.
--
Lauri Kenttä
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
accidental case where $x is supposed to be a
trusted string but is an untrusted integer instead, like the given
example.
--
Lauri Kenttä
--
eone with prior knowledge
can tell what kind of strings get interned by Opcache. Array keys?
Object properties?
--
Lauri Kenttä
--
. undefined variables or bad array offsets
in a non-tested code path. Non-literal string is just one more
kind of bug, it can be reported just like all the rest.
--
Lauri Kenttä
--
imagine people using either one
without realizing that they can create any character, including \0 or '
or " or non-UTF-8. Better to leave only chr(), one less thing to worry
about.
Custom padding is a weird edge case, maybe just disallow that too?
As you said yourself, it's not easy to pro
On 2021-06-12 22:21, Craig Francis wrote:
On Sat, 12 Jun 2021 at 19:59, Lauri Kenttä
wrote:
Hi,
I wrote the untaint() / make_literal() function, just in case.
implode("", array_map(fn($c) => $chars[ord($c)], str_split($s, 1)))
https://3v4l.org/EaN9Z#focus=rfc.literals
Sorry and bye.
--
Lauri Kenttä
--
ing both element
and shifted array without resorting to by-reference parameters?
Spread operator support in assignments would solve this nicely:
[$first, ...$rest] = $array;
--
Lauri Kenttä
--
different code to support both PHP 7 and 8.
Also, now that we're at it, what about the following:
i[].x=1 currently produces ['i' => [0 => '1']], losing the x.
i[x].y=1[x].z=2 produces ['i' => ['x' => '2']].
Maybe something to be done to address these cases?
--
Lauri Kenttä
--
This is unambiguous and should be allowed IMO.
--
Lauri Kenttä
--
On 2019-01-16 09:59, Rasmus Schultz wrote:
We've noticed something odd about the "php://input" stream.
If you attempt to rewind() it after reading the stream, rewind() returns
true, and ftell() subsequently returns 0.
However, attempting to read the stream again after that returns nothing.
On 2019-01-13 17:29, Legale Legage wrote:
There are 2 more 2-byte-width encodings: MBFL_ENCTYPE_MWC2BE (UTF16-BE),
MBFL_ENCTYPE_MWC2LE (UTF16-LE).
UTF-16 is not a fixed-width 2-byte encoding.
Just like UTF-8 is not a fixed-width 1-byte encoding.
--
Lauri Kenttä
--
and well known.
You have to use formatting functions like number_format if you need
neatly rounded base-10 output.
There are also a lot of libraries for precise base-10 calculations. They
will be a lot slower than native binary floating-point calculations,
though.
Regards,
Lauri Kenttä
f you receive floats,
you can parse them yourself. No need to change ”the other side”.
--
Lauri Kenttä
--
(possible with normal string but would not
happen with interned), causing corruption.
Is this a bug or just some Zend quirk?
--
Lauri Kenttä
--
ars/appeared in other places, too.
Ah, OK, I stand corrected.
Regards,
I'm just wondering if T_PAAMAYIM_NEKUDOTAYIM could finally be changed to
T_DOUBLE_COLON in, say, PHP 8?
Sorry about hijacking this. :)
--
Lauri Kenttä
--
e to SHA-3 of the same
length?
Just my thoughts.
--
Lauri Kenttä
--
.
You could create all kinds of crazy bloat.
--
Lauri Kenttä
--
6; ++$i) hash("sha3-256", "abc");'
user 0m2.497s
sys 0m0.020s
There's a small difference, but I wonder if anybody (except Yasuo)
actually cares?
--
Lauri Kenttä
--
el log has several lines about /dev/urandom
not being properly seeded before the system is fully started, so using a
CSPRNG is not guaranteed to work so well.
--
Lauri Kenttä
--
/msg87590.html
--
Lauri Kenttä
--
On 2017-01-27 17:13, Leigh wrote:
On 27 January 2017 at 14:30, Lauri Kenttä <lauri.ken...@gmail.com>
wrote:
This needs to be thought of as 2^32 possible _streams_ with a period
of (2^19937)−1. Offset within the stream is as important as the
stream
variation itself.
This is no
orithm, the bit strength is only 2^32.
The remaining 2^28 comes from security through obscurity, which is
not a generally valid real security thing.
Anyway, a password should be better generated with CSPRNG, not MT,
so "hardening" MT is totally irrelevant.
--
Lauri Kenttä
--
environment, even on machines without any network. CSPRNG is not
required and should not be required.
--
Lauri Kenttä
--
llback), see [1]. I can
send that against master if the approach is accepted here. If you want
it in PHP-7.0 or PHP-7.1, please merge it yourself, thank you.
[1] https://github.com/Metabolix/php-src/tree/mt_srand_auto-pr
--
Lauri Kenttä
--
On 2017-01-17 16:18, Lauri Kenttä wrote:
On 2017-01-17 02:34, Yasuo Ohgaki wrote:
Set state somewhere between MT rand's 2^19937−1 cycle.
This is exactly what my patch does.
Or, to be honest, my patch provides 2^19936 possible states,
which should be more than enough.
To get all 2^19937−1
--
Lauri Kenttä
--
On Mon, Jan 16, 2017 at 4:04 PM, Yasuo Ohgaki
wrote:
We know this kind of seed is guessable. i.e. Our session id is
compromised
by this kind of code.
Maybe you should fix session id instead of (or in addition to) mt_rand.
On 2017-01-16 09:16, Yasuo Ohgaki wrote:
ll the
same tale. So do you have some actual arguments for your version, or is
this just ”not invented here”?
Also, I must say that I'm neither for nor against this change in general;
I'm discussing only the implementation.
--
Lauri Kenttä
--
produce 0.abcdefgh
instead of a.bcdefghi.
If you can't fix it, maybe you shouldn't be doing it in the first
place...
--
Lauri Kenttä
--
) would cover the general case.
random_array([1,2,3], 20) could extend this to arbitrary arrays.
--
Lauri Kenttä
--
is evaluated only once, so the
expression will have the same value in both of the comparisons. So if
the first part is 1<2, then the other must be 2<3 (and not 3<3).
An expression like a < b < c < d can be currently implemented with
temporary variables like this:
a < ($tmp1 =
e dropped and the comparison will go on.
--
Lauri Kenttä
--
, so you get 8/6*7 = 9 chars.
Not really better than 7 chars, especially considering that all
operations on single characters would be slower than usual.
--
Lauri Kenttä
--
at negative width is no longer supported,
soon people will discover the easy fix, max($width,0), and you have
really gained nothing but more hacks in bad code.
--
Lauri Kenttä
--
change it?
It's very easy to imagine a script like this:
Here someone tries to calculate $max_width dynamically.
The calculation might produce a negative result sometimes.
The text would be visible, even if it's not word wrapped.
It might not look as expected, but it would be readable.
--
On 2016-10-13 22:32, Davey Shafik wrote:
On Thu, Oct 13, 2016 at 12:20 PM, Lauri Kenttä
<lauri.ken...@gmail.com> wrote:
On 2016-10-13 20:16, Davey Shafik wrote:
Can anyone shed some light on:
1) when it was merged
2) who merged it
3) how the dates are messed up
1) and 2)
P-7.2 into Joe's
messed-up branch.
I think the normal approach here would be to issue a statement, rename
this branch to PHP-7.1-broken-blahblah and restart PHP-7.1 from the last
good commit (4b8bdac) with some cherry-picking or re-merging.
--
Lauri Kenttä
--
, and then simply call the
function instead of repeatedly including the file. Calling a function is
a lot faster than including a file.
--
Lauri Kenttä
--
On 2016-08-23 18:45, Alexander Lisachenko wrote:
2016-08-23 18:05 GMT+03:00 Lauri Kenttä <lauri.ken...@gmail.com>:
Could you do it without reflection, then? I don't think so.
Thus, I think your "use case" is broken by design.
FYI: This use case is used by Go! AOP Framewor
the method in Child class at all.
If this kind of functionality is generally needed,
maybe it could be borrowed from C++:
obj_b->A::whoami();
Translated to PHP/Reflection:
new ReflectionMethod("B", "A::whoami")->invoke();
--
Lauri Kenttä
--
Levi! I suggest to wait for Julian, though, who wrote: "I'll prepare a
patch exposing my ideas soon."
Would there be different checks for static and non-static?
- For non-static, accept object or null. (Or only a non-null object?)
- For static, accept only null (deprecate also objects)
ctions to these cost factors (or anything else for that
matter) before putting this up for a vote. Please let me know your
thoughts.
The whole RFC looks good to me now.
Thanks for your work on this!
--
Lauri Kenttä
--
already knows this Zend stuff a bit better...
--
Lauri Kenttä
--
---
ext/standard/basic_functions.c | 5 +
ext/standard/mt_rand.c | 67 ++-
ext/standard/php_math.h| 1 +
ext/standard/tests/math/mt_srand_array_basic.phpt | 146 ++
On 2016-08-14 17:04, Tom Worster wrote:
On 8/14/16, 5:45 AM, "Lauri Kenttä" <lauri.ken...@gmail.com> wrote:
On 2016-08-13 18:53, Tom Worster wrote:
On 8/12/16 2:48 PM, Lauri Kenttä wrote:
On 2016-08-12 21:40, Tom Worster wrote:
mt_srand() will work. But what would be in the array? Integers from
which the upper 32 bits, if they exist, are discarded?
mt19937ar.c contains init_by_array.
Compatibility
widely used implementation.
--
Lauri Kenttä
--
Hello,
Any thoughts about supporting a longer seed array for mt_srand? Does
anyone really need it? Should it be in mt_srand or mt_srand_array?
See: https://bugs.php.net/bug.php?id=32145
--
Lauri Kenttä
--
miliar with Argon2, I only looked shortly
at the source files and the Python library [2]. However, care
should be taken to use the correct definition for m_cost.
[1] https://github.com/P-H-C/phc-winner-argon2/blob/master/src/run.c#L27
[2] http://argon2-cffi.readthedocs.io/en/stable/parameters.html
--
Lauri
128 MB or 256 MB.
--
Lauri Kenttä
--
($a, $b, 0, strlen($b)) === 0;
}
function str_ends($a, $b) {
    return substr_compare($a, $b, -strlen($b)) === 0;
}
--
Lauri Kenttä
--
On 2016-07-17 06:49, Marcio Almada wrote:
2 . Is there any rationale why we're using strings separated by '|' to
pass
context instead of an array? Ex.:
Multiple arguments would make the syntax even cleaner:
--
Lauri Kenttä
--
might mean that the data is truncated by accident.
- Invalid padding is allowed ("=VVV=", "VV=V=")
Any comments? Strict mode at least gets this one right.
It's really sad if someone relies on this "feature".
--
Lauri Kenttä
--
'U'
'VV= =' 'U' (false)
'VVV=V' 'UUU' 'UU'
'=*' 'UUU' 'UUU'
'VV=V' 'U' ''
'VV=*' '' ''
'===*' 'UUU' 'UUU'
'VVVV' 'UUU' 'UU'
'VVV*'
On 2015-09-17 11:58, Rowan Collins wrote:
Interestingly, ... there's no way I know of to
detect if a parameter was omitted from your function call rather than
passed an explicit null;
There is! It's called func_num_args, and it's very ugly.
--
Lauri Kenttä
--
(especially assigning)
non-declared variables. They already did this for JavaScript...
--
Lauri Kenttä
--
On 2015-08-03 23:54, Scott Arciszewski wrote:
$AES = new \PCO\Symmetric('openssl:cipher=AES-128');
It would be great if you could just ask for cipher=AES-128 without
explicitly specifying the provider (openssl).
--
Lauri Kenttä
--
and/or all used settings to solve both of these cases?
--
Lauri Kenttä
--
On 2015-05-12 03:56, Yasuo Ohgaki wrote:
- is_numeric() and numeric type for float like string
FYI, there's ctype_digit($s) and preg_match('/^[0-9]+$/s', $s);
Adding more functions would be only confusing, I think.
--
Lauri Kenttä
--
(x & ~x) is always 0.
((x & (~x + 1)) != x) works.
((x & (x - 1)) != 0) works too.
---
ext/standard/random.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/standard/random.c b/ext/standard/random.c
index 12c2503..4a1adbf 100644
--- a/ext/standard/random.c
+++