Yes. First it didn't appear to be that, but after sending
the email, I checked it again by running apache in gdb and
it indeed works only for the first request.
I'll look at that.
You fixed another bug too the same time which had bugged me
a while ago. As before if
Did it work in newly started Apache children and failed in
reused ones? That would be a pattern at last.
Yes. First it didn't appear to be that, but after sending
the email, I checked it again by running apache in gdb and
it indeed works only for the first request.
On Wed, 28 Aug 2002, Marcus Boerger wrote:
Hi Sascha is ther a waay to build three modules, in particular
i want to build cli, cgi and the apache module.
Yes, it would look like this:
1. ./configure appropiate stuff
2. make
3. make clean
4. goto 1
- Sascha
--
PHP
nice if there was a 'canned' way of doing it. I use the apache sapi and
the cli, and it would be nice to be able to build them with a single
make.
That's already in.
- Sascha
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Well, more worrisome would be if a bad guy tricks you into clicking on a
link or simply sends you an image in an email that makes a request to my
server with a valid-looking session id. Then if you go to this site (that
I've debunked that scenario already a few times. The net
result
On Mon, 19 Aug 2002, Rasmus Lerdorf wrote:
Well, while it is true that it is impossible to completely prevent, our
I've been through this argument a couple of times and I don't
plan to spend more time on it.
If you want your site to be safe, enable
session.use_only_cookies and
On Mon, 19 Aug 2002, Rasmus Lerdorf wrote:
But could you at least answer the question? What is the advantage of
allowing user-supplied new session ids? I see no reason not to add a
check for this.
For example, I have a set of C programs for IRCG load
testing. It uses a simple FSM
To play devil's advocate, pure cookie based authentication is not a
panacea. If you allow users to put things like javascript on your site,
or if you have users who exploit ie bugs like the about: cookie domain
bug from last year, cookies can be stolen and session hijacked. pure
cookie
On Sat, 17 Aug 2002, Dan Kalowsky wrote:
I disagree that it should go out as is, very strongly at that too.
I agree with Dan here.
- Sascha
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
64-bit fixes (for whatever reason), I think that's quite alright. 64-bit
support is a major thing, which people, especially businesses, will not
really expect to be implemented in a bug-fix release.
64-bit support has worked for years in PHP -- it is not new
or a 'major thing'.
On Sat, 17 Aug 2002, Zeev Suraski wrote:
At 22:58 17/08/2002, Sascha Schumann wrote:
64-bit fixes (for whatever reason), I think that's quite alright. 64-bit
support is a major thing, which people, especially businesses, will not
really expect to be implemented in a bug-fix release
The recently upgraded ssh on these boxes sends a DSA host key
instead of the RSA version. Because the DSA one is unknown,
ssh will alert you about a change of the remote host
identification. You can safely ignore this warning and
remove the old entry from your known_hosts2
Maybe even comment on the MAKE env variable, I think it'll be OK.
Why do you want to remove existing and working functionality?
If no bug report comes in, we can safely take out all that stuff in 4.3,
like has been done in HEAD.
The reason for BSD_MAKEFILE support ceased to exist
So now I either need to adjust my environment, or patch configure.in, to check
for GNU make, rather then just plain assume BSD make.
Install GNU make as gmake as every other BSD system and be
done with it.
- Sascha
--
PHP Development Mailing List http://www.php.net/
To
With buildconf you get the error in build/build2.mk, cause buildconf has the
same issue.
Is it so hard to simply accept that you need to type make
instead of gmake or unset MAKE when building PHP?
- Sascha
--
PHP Development Mailing List http://www.php.net/
To unsubscribe,
On Mon, 22 Jul 2002, Edin Kadribasic wrote:
it's full with downloads taking place... apache is not that suited
for
this. :(
Shouldn't a more suitable web server be installed then? Handling
downloads on the same machine with say thttpd running on a different
port would help a lot.
On Mon, 22 Jul 2002, Edin Kadribasic wrote:
it's full with downloads taking place... apache is not that suited
for
this. :(
Shouldn't a more suitable web server be installed then? Handling
downloads on the same machine with say thttpd running on a different
port would help a lot.
I cannot actually log into synacor1.php.net right now (ssh). We
will move www.php.net to another mirror now (rs1.php.net) and
change the downloads.php page to force downloads from
mirrors (at least temporarily).
- Sascha
--
PHP Development Mailing List http://www.php.net/
If you want to use autoconf-2.5x with PHP, make sure that you
run a ./cvsclean after cvs update. Autoconf-2.5x will not
correctly rebuild configure/php_config.h in many cases.
This happens under the following circumstances:
- configure.in, acinclude.m4 did not change
-
I think it is time for deprecating sapi_add_header* in favor
of a more general function, called sapi_header_op.
Let me quickly recapitulate the history.
The original function sapi_add_header added and sometimes
replaced HTTP headers and changed HTTP response codes at
How is it better than add_header_ex()?
1. The function name misrepresents the function's task.
It sets the response code, replaces or adds a header.
Simply calling it 'operation' is therefore a clearer
choice.
2. The new function has a more generic interface which
On Sun, 30 Jun 2002, Zeev Suraski wrote:
Thanks for the clarifications. IMHO the advantage does not outweigh the
disadvantages (slower, more cumbersome to use, will require everyone to
implement two interfaces), so personally, I'm -1.
Where is your reasoning for a veto? I don't see
On Sun, 30 Jun 2002, Andi Gutmans wrote:
My only problem with this patch is that I don't like API's which pass
around structs. I always find it cumbersome to have to create and fill the
struct and then pass it.
Can you think of something similar without using structs?
If you look at the
I understood the rational of using a struct from the beginning. I still in
general don't like using structs very much because as I mentioned it's not
as easy to use. I prefer having 2-3 methods then having one method which I
Well, feel free to post those 2-3 methods which cover all
Let's analyze the meaning of session.use_cookies, shall we?
http://php.net/manual/en/ref.session.php says:
session.use_cookies specifies whether the module will use
cookies to store the session id on the client side. Defaults
to 1 (enabled).
Please note the absence of
I noticed this risk long time before and I think it's a kind of
security fix as Sascha's comment, isn't it?
That depends on your viewpoint.
From my perspective, this is not urgent. It is not like an
attacker can gain access to the server, it just makes it a
bit harder for
A quick heads up, please use [EMAIL PROTECTED] from now on.
schumann.cx was disconnected without notice.
Thanks.
- Sascha
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
The zend-equivalent is painfully slow.
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
On Sun, 12 May 2002, Zeev Suraski wrote:
Hmm, then it could be fixed, but we shouldn't introduce a new implementation.
Assuming you refer to the large number of output calls, they can be saved
using output buffering - implementing localized buffering in every place is
I've just noticed
What inherent flaws? So far, the only difference between them that I could
spot was that php_html_puts() was buggy, and did not convert series of
spaces into nbsp;'s. Otherwise, the only difference was the use of
buffering. I may have missed something, though.
That is not buggy,
What I'm pointing out is that there are no 'inherent flaws' in the 'dog
slow' implementation that we already had for a couple of years. If you
want to add buffering, we can add buffering. There's no point in adding a
specialized buffered implementation.
Well, php_html_puts has several
I favor php_html_puts also due to maintability reasons.
Please consider this part of code from zend_html_puts:
!(((ptr+1)=end) || (*(ptr+1)==' ')) /* next is not a space */
!((ptr==s) || (*(ptr-1)==' '))) /* last is not a space */ {
And contrast it with the
Ok, so I'll use your method. By the way, there was nothing inherent in the
two places you used 'inherent', on this topic :)
php_html_puts is simple, consistent and easy to follow.
These are its essential characteristics, and thus they are
inherent. But I digress.
Again, I fail
Looks like 1.294 did not make it into the branch. Too bad.
Here is the diff. It might be wise to post it on the
downloads page (Derick, can you do that?).
http://apache.org/~sascha/php-420-session-fix
- Sascha Experience IRCG
On Tue, 23 Apr 2002, [EMAIL PROTECTED] wrote:
Hello Sascha, php-dev,
On Tue, 23 Apr 2002, Sascha Schumann wrote:
Here is the diff. It might be wise to post it on the
downloads page (Derick, can you do that?).
http://apache.org/~sascha/php-420-session-fix
I think it's
It ought not to be removed.
Reason? The GCC optimizer easily takes a couple of hundred
mega bytes of memory to compile zend_execute.c depending on
the optimization level and the architecture. That is pretty
bad, especially when administrators have not set up process
The PHP_ADD_LIBRARY_DEFER() and PHP_ADD_LIBRARY_DEFER_WITH_PATH()
macros no longer do what they were originally designed to do,
ie. place the libraries into DLIBS instead of LIBS.
Good catch!
- Sascha Experience IRCG
The solution is to copy the relevant headers (mbfilter.h, mbstring.h)
into /usr/local/include/php/ext/mbstring.
I've had a look around and I can't find where or how to get the
build system to install those headers.
You just need to add the relevant dir to HEADER_DIRS in
Perhaps, and here is something to think about, pseudo-random is
not what the developer wants as a session ID.
Well, provided that there is a device which captures white
noise, you can also get real random session ids with the
current code.
The storage handlers need not calculate
Should php create the session id, or should the session handler?
PHP should. Here is something to think about.
It is hard to generate hard to guess session ids. PHP has
various internal entropy sources and can read from system
provided entropy sources as well. That gives PHP
On Tue, 26 Mar 2002, Sterling Hughes wrote:
Hey,
Just wondering why we only define SID when cookies are not used --
wouldn't it be useful in all cases?
Try reading http://php.net/session. The reason is spelled
out there. :-)
- Sascha
I actually can't find the reason that SID is not registered... I know
Well, the page is quite long and it might be hard to miss.
that its main use is for appending the session ID onto a URL, but I'd
find it useful for logging purposes and such (i guess I could just use
the
I think that it'll be really nice to have it defined all the time.
define(MYSID, session_name().=.session_id());
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP Development Mailing List
On Mon, 25 Mar 2002, Yasuo Ohgaki wrote:
Comment to lists, since this is marked as Critical already.
According to multiple user bug reports, it seems this bug is
preventing saving session variables, when user redirect via.
header(). Apache/Linux users are reporting this.
The bug report
No. I've just seen enough complaints about not saving session vars with
redirection.
That's because people forget to embed SID into their URLs.
That does not happen automatically.
That issue is completely unrelated to this bug report.
- Sascha
The CLI does not have many roots.. it might take literally
one or two changes to disable it generally in the 4.2.0
branch.
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP Development Mailing
The right solution to the issue I reported is fixing
aggregation.c. The pcre-library is quite heavy code-wise, so
for a slim PHP, I do want to have the option to disable it.
- Sascha Experience IRCG
http://schumann.cx/
Please don't forgot to Cc the maintainers of the session
extension on all related discussions (Andrei and me).
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP Development Mailing List
Is there any reason why PHP should be by default linked
against -lpam? IIRC, the initial reason was link against
PAM, just in case, but so far, no case has emerged which I
would be aware of.
In contrast, linking against a found pam library causes
problems when building
Jani's commit introduced a failure, because it did not take a
restriction into concern.
Quote from the announcement:
Now, you need to tell the build system that you want to build files
in a directory called $ext_builddir/lib:
PHP_ADD_BUILD_DIR($ext_builddir/lib)
Make sure to call
On Tue, 19 Mar 2002, [EMAIL PROTECTED] wrote:
On Tue, 19 Mar 2002, Yasuo Ohgaki wrote:
Is it possible to bundle re2c? or make it required
build tool? and delete generated C source?
I think this is not a good idea, the install base of re2c is very small.
No major distribution includes
It won't be a problem in releases anyway, these come with the pregenerated
files, but perhaps it's a good idea to remove the .re files from this.
Sascha, what's your opinion on this?
Why should we prevent users from changing the source by
delivering only parts of the source-code?
Should work fine now
On Tue, 19 Mar 2002, Jani Taskinen wrote:
Sascha?
--Jani
On Tue, 19 Mar 2002, Stanislav Malyshev wrote:
I have noticed that somewhere after 4.1.2 PHP build process was changed
and now PHP does not export dynamic symbols (dlopen on .so that uses
The current CVS behaviour is the correct and documented one.
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit:
When I try to build pear/PECL/satellite, I get an error like this:
Thanks for submitting this. The issue has been corrected in
CVS. You need to reinstall phpize and related components
from CVS.
- Sascha Experience IRCG
On 13 Mar 2002, Matt Allen wrote:
I might be reading it wrong, and feel free to creect me if i am but:
Yes, you are reading it wrong.
does the code read:
Note the tempus of the variable send_cookie.
- Sascha Experience IRCG
On 13 Mar 2002, Matt Allen wrote:
Ok then, no problems.
The thing is, last night in stalled the latest snap and SID was not
being popuulated, even though session cookies were DEFINATLY off,
accoring to a phpinfo anyway.
Ok, SID would be defined on the first, but not subsequent
On Tue, 12 Mar 2002, Rasmus Lerdorf wrote:
Could you give me a quick summary of the changes. I am a little confused
Please refer to the posting New Build System committed to
Head.
as to why ext/zlib doesn't have a config.m4 file anymore, for example. I
That has been the case
On Sun, 10 Mar 2002, Jani Taskinen wrote:
Also, the 'phpize' doesn't work.
It worked when I tested it..
Please elaborate on in which way it fails to work.
- Sascha Experience IRCG
http://schumann.cx/
Warning: Invalid library (maybe not a PHP library) 'ldap.so' in Unknown on
line 0
This error I get also while configuring:
./configure: /usr/src/web/php/php4/ext/ldap/ext/ldap/Makefile.in: No such file
or directory
--Jani
On Sun, 10 Mar 2002, Sascha Schumann wrote:
On Sun, 10
On Fri, 8 Mar 2002, Marcus Börger wrote:
Very nice new build system much faster the only thing what's left on that
is .o in all .cvsignore
*.o is ignored by CVS by default.
- Sascha Experience IRCG
http://schumann.cx/
Hm, it does not make much sense to convert ' ' to 'nbsp; ',
because the original purpose of this function is to preserve
the structure of the plain text.
So, the change is basically equivalent in terms of output
formatting to removing the conversion.
If this is a severe
Hi,
I'd like to get some input on the new build system. If there
are enough yea voices, I could merge it into 4.3.0..
The current patch against the CVS is here:
http://schumann.cx/buildv5.patch
This version adds support for the test target and PHP_DEFINE
which
On Thu, 7 Mar 2002, Alan Knowles wrote:
I presume that the old
PHP_EXENTSION() still works in V5
so modules outside the php tree can keep using it? ... and put in
dnl PHP_EXENTSION_NEW.
so it's V5 ready...
Yes. The system includes a scanner for Makefile.in templates
which
Hi,
you won't see the commit, because it is too large to go
through the mailing list. Perhaps it bounced to Jim, so that
he can make it available by alternative means.
Something in this commit might uncover an autoconf-2.52
portability bug on FreeBSD. I don't know
On Thu, 7 Mar 2002, [EMAIL PROTECTED] wrote:
Hey Sascha,
is re2c required now? I don't have it installed and get this error during
make:
I'll fix the timestamps in CVS.
- Sascha Experience IRCG
http://schumann.cx/
On Thu, 7 Mar 2002, [EMAIL PROTECTED] wrote:
Hey Sascha,
I tried the 'make test' routine, but every test fails now (I think that's
because of the php binary not being found or something.)
There are still a significant number of tests which fail,
because they are not supposed to run
: Wed, 6 Mar 2002 10:13:11 +0100 (CET)
From: Sascha Schumann [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: Build broken: --without-pcre-regex
Hi Andrei,
I suppose you already know that disabling pcre currently
breaks compiling aggregation.c?
/home/sas/src/php4/ext
BTW, if users set wrong save_path in php.ini, they can
use mm save handler when they set save_path in .htaccess or
httpd.conf.
Therefore, allowing invalid save_path for mm is not useless.
The MM module uses anon-shared-memory, i.e. the shared
segment must be initialized in the
Here are comments regarding each commit.
http://news.php.net/article.php?group=php.cvsarticle=9700
I've restored the old behaviour regarding SID (#15322).
A reordering of estrdups has also been committed. I suppose
the message fix small memory leak refers to that.
I thought the reporter want valid SID defined always, since I wanted
valid SID defined always. Document does not memtion when SID is
defined, IIRC.
Document should be updated.
It has been documented since I first wrote the session
documentation.
Alternatively, you can use the
I'll check and update doc if needed.
That was a direct quote from the documentation.
No. Try to read the code again. A user handler should
simply return a non-string.
It works sometimes, but it segfaults sometimes. (with original code)
..then please send me a test
On Thu, 28 Feb 2002, Derick Rethans wrote:
On Thu, 28 Feb 2002, Yasuo Ohgaki wrote:
Derick, Sascha, do you find any problem with my session
patch? It fixes many serious problems
I didn't test it yet, but go ahead and apply the patch
There were problems with the patch the last time I
On FreeBSD 4.4-STABLE ./configure make produces cgi +cli with one warning
ext/mysql/libmysql/my_tempnam.o: In function `my_tempnam':
/usr/home/ek/projects/php4/ext/mysql/libmysql/my_tempnam.c(.text+0x46):
warning: tempnam() possibly used unsafely; consider using mkstemp()
The binaries
Ok, here is a new version of the build5 patch. It fixes the
find issue and avoids lots of sed calls.
I'm seeing a 20% speedup compared to the CVS when building on
a Sun Ultra due to avoided make forks and less usage of
hard-disk space. The latter has been reduced from 35mb
Ok, I hoped to have more time to clean up a bit, but here we
go.
http://schumann.cx/build5-patch1.gz
This release features independence from automake, recursive
makes, implicit make rules, config_vars.mk, an upgrade of
shtool.
I've tested it successfully with
Hi,
looks like you have put a lot of work into this one :-)
Thanks for keeping up the work on the session module.
- Crashes are caused by invlaid save_path, invalid
session id name, return value from user defined session function.
There may be other crashes observed
I would like to see --share-max/--enable-most like
option also. I guess you are not going to implement
it, though.
Not yet..
When/if I have time tomorrow, I'll try to get the code
cleaned up and post a link to it. It basically implements
everything I've described in my
(unrelated to the thread on php-qa)
Hi guys,
I had some free time yesterday and so commenced to tackle
some issues in the current PHP build system which had
bothered me for too long.
I'm inlining an overview and a description of changes.. feel
free to comment.
Problem is in loading *.so file at start up.
Session module is designed to provide globals
for sub modules, if session module is not compiled
in and user load sub module, it spits undefined
symbol error at start up.
Runtime undefined symbol error for perfectly valid
php.ini (or config) is
On Sat, 17 Nov 2001, Derick Rethans wrote:
Hello Sascha,
this user has some troubles, and suggests that this action should be taken
in the configure process. Can I safely merge this in without problems?
Looks fine to me. IIRC, this was just some issue with the
auto-tools disliking
Sites I know about:
http://www.php-conference.de/2001/images/PHP_Konferenz/
http://www.bttr.org/phpconf/
http://www.photoalbum.nohn.net/PHPConference2001
On Wed, 14 Nov 2001, Andrei Zmievski wrote:
Did anyone take pics at the conference in Frankfurt and if so, are they
Ok, forget the test for a moment. Why would a g+x file not be executable
if the user trying to execute it is part of that group? That makes no
sense to me.
There are three classes, owner, group, world. If a process
tries to exec a file, the OS considers the best fitting class
There is a patch available which boosts the speed of the
unserializer significantly.
http://pair1.php.net/~sas/unserializer-speedup
A large percentage of the speedup was achieved by
eliminating the use of a hash for the reference
implementation. Credits go to Thies for
On Fri, 5 Oct 2001, Rasmus Lerdorf wrote:
Sascha, do you think it would be possible to move that call out of the
MINIT function in MINIT? It doesn't make a lot of sense to me to
initialize mm if it is not being used. Especially since this could fail
and prevent people from using file-based
On Fri, 5 Oct 2001, Rasmus Lerdorf wrote:
I have seen a number of people getting Unable to start session mm module
in Unknown on line 0 errors even when they aren't using mm as their
session handler.
Apparently there is some potential for education.
It is simply impossible to use
The above script works, ie. outputs an increasing number during
subsequent requests, when register_globals is turned off, but not,
ie. showing always '1', when it is turned on.
That depends on your PHP version. $foo and
$HTTP_SESSION_VARS[foo] should have been aliases for some
- gcc 3.0.1
GNU binutils might be required to support GCC-3.0.1 on your
platform.
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP Development Mailing List http://www.php.net/
To unsubscribe,
I didn't plan to implement it myself... yikes indeed. The question was
wether all compilers on 32bit platforms DO have long long support at
all, in other words: is it true that all compilers for which PHP needs
to compile have a C-type which is 64bit (native or not)?
`long long´ support
On Fri, 21 Sep 2001, Andi Gutmans wrote:
Seems like boyer_str_to_str() is buggy. If I change it to php_str_to_str()
it seems to work.
I think Sascha added this function but I might be wrong.
I did not change nl2br though. I probably would have noticed
that, if the commit message
On Wed, 19 Sep 2001, [EMAIL PROTECTED] wrote:
I wish to add two files to ext/session, and make some minor changes to
session.c and Makefile.in
That is not necessary. You can register a module on run-time
by calling php_session_register_module() (check out
php_session.h for the
On Wed, 19 Sep 2001, Andre Christ wrote:
Hi,
Where can I get the source or binaries for 4.07? I think I've discovered a
bug , but want to make sure with latest build. The bug has to do with Gnu
GCC 3.0.1 libraries. It's incompatible! Trust me it is! And I
even tried to
trick PHP by
On Tue, 18 Sep 2001, David Eriksson wrote:
On Tue, 18 Sep 2001, Zeev Suraski wrote:
Does anybody still have anything pending for RC3?
Do you want Universe included in RC3?
http://universe.2good.nu/
No new features please. RCs are purely intended for cutting
down the number of
On Tue, 11 Sep 2001, Jani Taskinen wrote:
After adding the JAVA_LIBPATH line also for the kaffe
part, I'm able to compile latest CVS without problems.
Another story is that no php binary is created.. :)
But this is just because I'm using the latest versions of
automake/libtool/autoconf
It should be noted that autoconf-2.13/libtool 1.4 (not any
later version) are still recommened. Autoconf 2.50+ takes
ages to generate the configure files while libtool 1.4b+ has
some possibly broken code merged into it from libtool's
multi-language branch.
- Sascha
I really Like this even i wanted to unsubscribe from this list but it does
not alove me to do so and simply just kill my space so if you have a way to
unsubscribe to this list so please tell me
Please note that you just need to follow the directions which
can be found in the footer:
The latest CVS configures and builds properly for me as a CGI
with IBMJava2-13 now. Please give it a try.
- Sascha Experience IRCG
http://schumann.cx/http://schumann.cx/ircg
--
PHP Development Mailing List
Cleaning up a language is a benefit worth paying in price for. How many
millions of lines of C code had to be re-written when the ANSI standard
was published?
Exactly none. ANSI preserves most KR semantics and that
won't change in the foreseeable future.
- Sascha
a href=#foo should demonstrate it. The session-id is
appended after the #foo which is obviously wrong. This
worked before the recent changes, so, whoever broke it,
please fix it.
Thanks,
- Sascha Experience IRCG
What is that boyer parameter doing there? It seems that it selects a
different algorithm for str_replace, but what is the difference?
It is an algorithm which uses suffix-automata to speed up
locating the search pattern (Boyer-Moore algorithm).
- Sascha
201 - 300 of 474 matches
Mail list logo