[PHP-DEV] Language Auto Detection / www.php.net

url after all searches to /en/ The site should at least be so intelligent to search in the /en/ part of the manual if I search from an /en/ page. Stefan Esser -- -- Stefan Esser

Re: [PHP-DEV] Re: #21139 [Ctl]: zlib.output_compression + windows failure

odule. But i will not have time for this until after x-mas. Yes, I think that's the reason, too (I use neither shared extensions nor windows, so I can't test this). But there was a comment on the bug report, that it worked with 4.3.0RC1, the zlib change was done before, so maybe there

[PHP-DEV] CVS Account Request: frogger

Contributing someting to the German translation -- PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Am I drunken?

Hi, is it only me, or is every php-dev mail sent out twice nowadays? I get every mail at least 2 times. Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] GIF support

On Thu, Nov 21, 2002 at 10:25:57AM -, James Cox wrote: > guys, how about we just like leave this for a couple of months till 2003 > when the patent runs out? > > -- james I was just joking... Anyway I dislike all this patent shit. Stefan Esser -- PHP Development Mailin

Re: [PHP-DEV] GIF support

it on your harddisk, or? Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] GD 2.0.4

What happened to the GD lib folks? Every day a new version now? ;) Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Funny guys...

Morning, were there any problems with the cvs server yesterday? In my commit from yesterday morning i added the line pp++, this was commited as p++. In my file on the harddisk there is clearly a pp++ and NOT a p++. (Which makes no sense anyway) Stefan -- PHP Development Mailing List <h

Re: [PHP-DEV] Re: Fixing socket reads

Just wanted to say that I just tested ftp_fopen wrappers and whatever was added/modified in the stream code since i added ftps_fopen wrapper a few weeks ago must have broken it badly. Right now the gets() simply blocks... That was not the case a few weeks ago... Stefan -- PHP Development

Re: [PHP-DEV] Streams-Change ?!

On Thu, Oct 03, 2002 at 01:54:46PM +0200, Marcus Börger wrote: > There are problems especially in the streams seeker function at least. > > marcus Problem was in ext/ftp. Thanks anyway. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: htt

[PHP-DEV] Streams-Change ?!

Hi, was there a change of the streams EOF functions? I added some functionality to ext/ftp and must see that ftp_put uploads one byte less than the filesize. Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] utime() problems

e touch()er is not the owner of the file. Maybe that has changed in 2.4 (but i doubt) And the broken code is still there with CVS from yesterday... Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] [Fwd: PHP fopen() CRLF Injection]

On Thu, Sep 12, 2002 at 10:47:12AM +0100, James Cox wrote: > Stefan, > > is this really worth it? I think this will break too many scripts. > > -- james My change only changes parse_url() to remove characters that are invalid in urls. If such characters occur in an url th

Re: [PHP-DEV] [Fwd: PHP fopen() CRLF Injection]

n CVS in the way that parse_url() removes control chars from urls when it splits them but infact any url passed to fopen MUST be urlencode()d. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: REPOST: PHP 4.2.3 Released

> Showed up fine before That is strange because I did not receive it over the list and it is not in the php-dev web archive. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] REPOST: PHP 4.2.3 Released

. Thanks, Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: #19286 [NEW]: header() Control Char Injection

tion" is used. [ ] His Java Script will be executed. Stefan Esser PS: Is php-dev censored? Or why disappeared my mail about MD5/GPG signs of PHP 4.2.3... Is there some autofilter on "group says everytime: we do it the next time?" -- PHP Development Mailing List <http://ww

[PHP-DEV] PHP 4.2.3 Released...

times that php.net servers are secure. Even if that is true (I somehow doubt it), you cannot ensure that all Mirrors are secure. Especially because your own statistics show that some of them are running old software. Thanks, Stefan Esser -- PHP Development Mailing List <http://www.php.net/&

Re: [PHP-DEV] mbstring

> AFAIK, there is no serious bug in mbstring. > If there is serious problem, let us know so that it can be > addressed. Then start with removing double url decoding of the input... and then fix the "mad" separator counter ... Stefan -- PHP Development Mailing List <h

Re: [PHP-DEV] Problem with http://php.net

Back to the topic... When will the MX be up again? Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Problem with http://php.net

> This goes to everyone who has root or sudo on the boxes.. for example i'll > get paged if something gets broken. This should guarentee a faster response > time (although, php-dev works too :)) Wow. I guess your pager does not stand still a second then... :) Stefan -- P

[PHP-DEV] ZendAPI - zend_atoi

Hi, could we change zend_atoi to use strtol instead of atoi? Otherwise I cannot use OnUpdateInt for the default_umask switch because atoi does not support octal values. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] [USER-FEATURE-REQUEST]: umask in php.ini

Hi all, some FreeBSD guy just asked for support of a default umask flag per Virtual Host. I told him auto_prepend_file as workaround, but if noone objects I am going to commit some default_umask switch into cvs by tommorow. Stefan -- PHP Development Mailing List <http://www.php.net/&

Re: [PHP-DEV] UTF-8 encoding

On Sun, Aug 25, 2002 at 09:21:01PM +0200, Stig Venaas wrote: > Great, I've been wondering why UTF-8 wasn't defined like that > in the first place. Could you please give me a pointer to the > addition? It is defined in RFC 2279. Regards, Stefan -- PHP Development

[PHP-DEV] UTF-8 encoding

forget my last mail... I just found the addition myself. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] UTF-8 encoding

which is an invalid utf-8 sequence. But the utf-8 decoder would recognise it as the lead byte of a 6 byte utf-8 sequence. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Problems uploading large files

> [error] PHP Warning: Only 1284 bytes were written, expected to write > 5119 in Unknown on line 0 Your /tmp directory is most likely full. Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] trans-sid warning?

I do not understand the sense of this whole discussion. HTTP is a plaintext protocol. So nothing transfered over HTTP can be secure. No urls, no session no anything. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 / php.ini-dist php.ini-recommended /ext/zlib zlib.c

ites which have switched zlib.output_compression on, but left output_buffering the default value. Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List <http://www.php.net/>

[PHP-DEV] Re: [PHP-CVS] cvs: php4 / php.ini-dist php.ini-recommended /ext/zlib zlib.c

NEWS entry got truncated, can you fix this? What's the benefit of the new behaviour? I think the old one was a rather good default, because compression of small chunks doesn't make sense and you could change the size via zlib.output_compression. Stefan -- Stefan Röhrich

Re: [PHP-DEV] segfault in recent code

On 2002-08-01 02:28:26, Rasmus Lerdorf wrote: > That fixed part of it, there is still another segfault in there somewhere. Maybe it has to do with the silly strncasecmp error I made (and just committed a fix to SAPI.c), but I don't know how this would cause a segfault. Stefan --

Re: [PHP-DEV] Weird?!?!

On Wed, Jul 31, 2002 at 07:24:05PM +0200, [EMAIL PROTECTED] wrote: > On Wed, 31 Jul 2002, Stefan Esser wrote: > > > should that be replaced with: > > > > result->value.lval = (long)dval; > > > > instead of calculating the multiplication again??? >

[PHP-DEV] Weird?!?!

result->value.lval = op1->value.lval * op2->value.lval; result->type = IS_LONG; } return SUCCESS; ... should that be replaced with: result->value.lval = (long)dval; instead of calculating the multiplication again??? Stefan

[PHP-DEV] New FTP extension functionality

Hi, yesterday I did several commits to the FTP extension. Due to the fact that I do not know how I can document the stuff myself and right now am lacking the time here is a brief instruction: Stefan Esser --- 5 new

Re: [PHP-DEV] safe_mode and files permissions q?

> yeah that's a solution but it doesn't work in case of mass hosting : can't update > php.ini for each new user and have it carry 2 peta zillions safe_mode_include_dirs :) just a guess: safe_mode_exec_dir=./script-data Stefan -- PHP Development Mailing List <

Re: [PHP-DEV] safe_mode and files permissions q?

ir to this directory. This should eliminate the problems. ATTENTION: do not forget to tell apache via httpd.conf that script-data is NOT accessible from the outside. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Fw: PHP content-disposition vuln

Hi all, this is not a worm. According to the logs someone attacked this guy with one of the TESO exploits 7350fun or 73501867 in bruteforce mode. Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Switching zlib.output_compression, bug #16109

a mid sized hoster and want to have compression, you only have to persuade your hoster to switch a php.ini entry (or use .htaccess), not to persuade him to install yet another Apache module ;-). Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PRO

Re: [PHP-DEV] Switching zlib.output_compression, bug #16109

without having to change every script which sends an image because of this netscape bug (which is visible e.g. with phpinfo()). You still can force off the output compression via ini_set (or even force it on for images, e.g. if you want to send uncompressed gifs). St

Re: [PHP-DEV] Re: Switching zlib.output_compression, bug #16109

Yes, but we need some kind of detection in order to disable it for PHP internally generated images like the PHP/Zend logos used by phpinfo(). Or we have to switch compression off there. Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED]

[PHP-DEV] Switching zlib.output_compression, bug #16109

in the send_headers call, I haven't commited it yet, see the attached patch. If nobody objects, I'll commit it in a few days. Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ diff -ur /home/sr/cv

[PHP-DEV] ZEND_MODULE_API_NO in HEAD

Hi, the ZEND_MODULE_API_NO (zend_modules.h) is different in the php_4_2_1 and the HEAD branches. Is that supposed to be so? Regards Stefan Livieratos -- ICS Plus Internet Consulting + Services == Aeussere Brucker Str. 51 D-91052 Erlangen Germany

Re: [PHP-DEV] RFC: slight change to exec functions (Was Re: [PHP-DEV] why does exec() use the shell?)

> Are there any objections to making such a change? I don't think it > has any BC implications. It will have BC implications ;) Because it would finally allow to pass multiple parameters to a program when in safe mode... Stefan -- PHP Development Mailing List <http://ww

Re: [PHP-DEV] zlib double free bug and php

this library, you don't have to rebuild PHP, but check with phpinfo() to which version PHP is actually linked after the update). You can use phpinfo() to see to which zlib version PHP is linked, 1.1.4 should be safe (but some systems use patched version of 1.1.3, which are safe, but don'

Re: [PHP-DEV] [PATCH] or Karmarequest for zend_llist.c

Within the engine itself the dtor is NULL so no leak there. But remove_tail is also used within the fileupload code where it causes a memoryleak when headers are splitted over several lines. I will commit some changes to fileupload code within the next 30 minutes... Stefan -- PHP Development M

[PHP-DEV] [PATCH] or Karmarequest for zend_llist.c

Hi, herewith i send my patch for the memory leak within ZendEngine(1/2). This was discussed with Zeev and Andi before but noone fixed it. So please apply the patch now, or give me the karma and I do it myself... Stefan --- zend_llist.c.orig Wed Jun 5 13:58:41 2002 +++ zend_llist.c

Re: [PHP-DEV] Discourage use of short tags

Hi, Removing the short tags from future php releases, or disabling them by default, is like stripping functions from glibc because they do not exist on other platforms. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.p

Re: [PHP-DEV] RFI: Request for Interfaces

. This would make a lot of things easier for many php users, especially I like the idea of mmapping files, maybe you can then transparently switch between memory streams, files and even strings (especially the last option sounds nice). Stefan -- Stefan Röhrich [EMAIL PROTECTED

Re: [PHP-DEV] The PHP Platform

e >it rarely ever happens. even if it does, you > have go through it all over again if you switch hosts) You obviously cannot make the language responsible for the decisions of hosting provider system administrators. Regards, Stefan Livieratos -- ICS Plus Internet Consulting + Services

Re: [PHP-DEV] The PHP Platform

nce I see featurewise is that MSXML offers XML Schema validation which is not yet supported by domxml (libxml2). Regards, Stefan Livieratos -- ICS Plus Internet Consulting + Services == Aeussere Brucker Str. 51 D-91058 Erlangen Germany =

Re: [PHP-DEV] Please forward to the list, I'm not a member anymore... (fwd)

Morning, > > It is GPL > > Then we can't use it with PHP... sorry, but I do not see your point. How can optional support for a GPL library in PHP violate the GPL? Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] RE: [PHP-QA] Supporting Apache 2 with PHP 4.2.0

ested in the wild (not only by QA members but on ALL weird platforms) or QAed code that will be not working on some systems/platforms, too. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] 4.1.3?

want the newest version. Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: Re: Session patch

Sorry, what do you want to tell us? Your mail doesn't make any sense. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] file upload issue in HEAD

the input fields) php would not handle the request. Hmm yeah if you disable the file_upload you turn off whole multipart processing. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Session patch for ID created by handler

+ 3.14159 Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] file upload issue in HEAD

> By the way, this didn't work at all in 4.1.2. Any Sorry but I cannot reproduce this. The _REQUEST array is filled here. The only strange thing is that phpinfo doesn't show it... But var_dump and print_r do... Stefan -- PHP Development Mailing List <http://www.php.net/

Re: [PHP-DEV] ErrorLog problem

message repeated x times". Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: Re: Session patch

URLs are patents. > Please ask Hartmut for more details. Ask more about what? That this stuff is patented is funny, because it shows how idiotic the european law is, but thats another story. Anyway I wonder what Hartmut can tell me about Sevenval that I don't already know :) Stefan -- PHP Develo

Re: [PHP-DEV] Re: Re: Session patch

technology which makes use of hostnames to contain the session ids. Stuff like this is needed to track f.e. shockwave or flash content. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/standard basic_functions.c basic_functions.h

n uploaded files. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Question concerning zend_mem_header

nd the use of it. Maybe i will create an inofficial "Zend hardening patch" for *BSD users. Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Question concerning zend_mem_header

ly on Solaris/Linux and maybe Windows. Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] fgetss_state - seemingly unused

running two fgetss() in "parallel" would > > get confused otherwise. Yes, it really sounds like a good idea, and I'm sure that there will be more ideas, how stream state variables can be used ;-). Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PRO

Re: [PHP-DEV] fgetss_state - seemingly unused

ask > me. This is the diff: Yes, it's really nice to have such a long history. > So it did actually make sense at one point. It has just sort of lost its > way over the years. So it should be save to remove the *getss_state variables? Stefan -- Stefan Röhrich [E

Re: [PHP-DEV] OT? buffer overflow attacks

PHP flaw is too hard to realisticly exploit it? The guys who are responsible for lot of admins not upgrading because they believe "that it is too hard to exploit?" Stefan Esser PS: anything written in this mail is my personal opinion and I do not speak for the rest of the php develo

Re: [PHP-DEV] fgetss_state - seemingly unused

, this really looks like an oversight or a leftover from old code, but I just looked at the cvs changelog and didn't see anything on a quick glance. Maybe the state vars should be removed, the code is really old and nobody has complained until now (but passing by reference seems to be the intended

Re: [PHP-DEV] fgetss_state - seemingly unused

tover of some old code? I doesn't look like the code has changed, the state ist always initialized to 0, but it's used in php_strip_tags to maintain the state between invocations from calls of {f,gz}getss(). Stefan -- Stefan Röhrich [EMAIL P

Re: [PHP-DEV] [BUG]vulnerabilities in PHP's file uploadcode - still uncovered in 4.1.2

to send malformed fileuploads. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Bug #16128

Hi, The problem is, that php_checkuid was broken since PHP 4.? move_uploaded_file doesn't check openbasedir restriction should we add that? Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Streams are here!

xt/bcmath/libbcmath, so we can avoid the (long) workaround. Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Streams are here!

lar is needed in this file. Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] HEAD broken

current HEAD doesn't compile due to /ext/session/session.c, /ext/standard/var.c -- PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] exec + safemode

Hi, It is not off topic. Its an annoying bug and I asked around if I oversee something if i change php_escape_shell_cmd to ignore stuff between quotes. (off course checking for escaped quotes within the quotes) Stefan -- PHP Development Mailing List <http://www.php.net/> To unsub

[PHP-DEV] safe_mode + exec

f we simply overjump quoted parts? Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] exec + safemode

Morning, (maybe i am just blind...) I doubt this can be counted as support question *grin* Has anyone of you ever tried to exec a command while in safe_mode? exec ("blub"); works fine, but it seems impossible to give a param to blub that has spaces in it. Stefan -- PHP Developme

Re: [PHP-DEV] Make php-cvs@ read-only

s of the cvs commits to php-dev. Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] ZLib (double free) bug

is platforms. But I think using this double free bug would be a little bit of overkill for a configure script ... Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List <http://

Re: [PHP-DEV] PHP audit project

s to work on PHP, let our project stop. I don't have anything against you guys working on PHP. Four eyes do always see more than two and in the end i think our both interest is a secure PHP. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] PHP audit project

Hi, strlcpy and strlcat are inventions of the OpenBSD project. Since they invented those they are trying to "infect" other projects. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: Have you seen the "PHP audit project"?

never get such arrogant messages like: "This bug was fixed in PHP hardening patch about a year ago". Exactly this happened with the SSH deattack hole. Stefan Esser -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] 2 patches for zlib.c - should fix #14939 + #15930

u can give a mode of FORCE_DEFLATE and then you get a normal zlib deflated string plus the gzip file header but without the trailing checksum. Can you please test it a little bit and if nobody objects, I'll commit it to HEAD. (Derick: these are two bug fixes, please tell me, if I should commit

[PHP-DEV] Re: [PHP-CVS] cvs: php4 /main rfc1867.c

> Hi Stefan, could you shortly explain why a single browser needs such a > workaround? Since Opera 6.01 is less than a month old, shouldn't they be the > ones fixing such a problem? Have you talked to them about it? It is not really a workaround it makes the fileupload behave mo

[PHP-DEV] Re: Bug #15930 Updated: gzencode can't have a level

ct). How should we proceed? Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] SHA-1 support

), but rather in using MD5 for small guessable things like passwords without any salt or similar. Today you probably should go to longer key and hash sizes, but I think MD5 is still a lot better than old unix crypt. Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED]

Re: [PHP-DEV] SHA-1 support

better), but as far as I know it's not "fairly easy to crack". (I must search the Dobbertin paper, which probably found the first serious design flaws in MD4, but IMHO no real attacks in practice until now for MD5. Are there any newer papers about this?) Stefan -- Stefan Röhrich

[PHP-DEV] Snapshot binary release...

it. I write this while reading #8744. Because it sounds like another occurence of the uninitialised variable problem in SAPI.c. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Disable magic quote by default.

ned to work without mqbd today. Hmmm btw... This idea just came to my mind and i don't know if it would be too much overhead, but what about keeping track of what variables got already magically quoted and do not quote them again if the script wants it. Stefan Esser -- PHP Development Mail

Re: [PHP-DEV] [patch] one script to handle them all

Hmm, maybe we should first hear if anyone has an argument against such an additional feature. I think its less overhead than mod_rewrite. +1 from me Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: Bug #15523 Updated: Line Number

I know myself that you can workaround with an additional parameter. I just wanted to make you guys notice that you talk about different stuff. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: Bug #15523 Updated: Line Number

__LINE__ contains the current line number, not the callers linenumber, so its neither closed, nor bogus. Just my 2 cent Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] [PROPOSAL] defense against session takeovers

> How about that we use the SERVER_NAME environment variable when > generating session filenames? Instead of name like sess_, the name > could be sess__, where is a server fingerprint? I > understand that this is not foolproof (say, for applications > that run on the sam

Re: [PHP-DEV] [PROPOSAL] defense against session takeovers

someone go and bitch at Microsoft who endangers about 70% of all session-ids out there. Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail:

Re: [PHP-DEV] malformed header from script

The CVS is fixed now. I did not recognise that i broke SAPI.c because my apache did load the old module. Sorry for the wasted build time. Full blame on me Stefan -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands,

[PHP-DEV] Bug #14287: array_diff takes string as second argument

From: [EMAIL PROTECTED] Operating system: W2K PHP version: 4.0.6 PHP Bug Type: Scripting Engine problem Bug description: array_diff takes string as second argument Seems like array_diff will take a string as second argument, e.g. array_diff ($bla, "fred") where $bla is

Re: [PHP-DEV] set_time_limit() bug - pending for PHP 4.1.0

What versions of apache are you guys running? -- PHP Development Mailing List To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] CVS Account Request: stefan

I would like to help the group to translate the doc into german. -- PHP Development Mailing List To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] CVS Account Request: s.esser

Hello, i would like to participate in the whole process of php development. for now i like to ask if i can maintain the filepro extension because afaik its unmaintained at the moment and full of bufferoverflow bugs, etc... SE -- PHP Development Mailing List To unsubscri

[PHP-DEV] CVSup - connection refused

Hi, I am trying for several weeks to mirror the CVS Repository via CVSup, but i permanently get a "connection refused" error. Is there no longer a CVSup server or is there just a temporary problem? thanks, stefan esser -- PHP Development Mailing List <http://www.php.net/> T

Re: [PHP-DEV] zend_do_end_class_declaration() question

k_abstract_methods(CG(active_class_entry)); CG(active_class_entry) = NULL; } With do_check_abstract_methods: static void do_check_abstract_methods(zend_class_entry *ce) { if (ce->parent) { fprintf(stderr, "num = %d\n", zend_hash_num_elements(&ce->parent->abstra

  1   2   >