Re: [PHP-DEV] OT? buffer overflow attacks
Hi, firewall project running on stock hardware with a stripped-down RedHat Linux. Are you speaking of RootHat? Any admin (of the people I know) running a RedHat distribution, switched to Debian because RedHat systems are target #1 for script kiddies. A bone of contention is, obviously, the security reputation of PHP. Hmmm security reputation of PHP? Should we add up the number of remote vulnerabilites in OpenSSH compared to the one remote flaw in PHP? OpenSSH 3.1 has still 2 remote vulnerabilities that got meanwhile fixed in the cvs (because of me and some other guy). The team is willing to concede that bad installation accounts for most of the problems -- But are still concerned about buffer overflow attacks. If you are sooo concerned about buffer overflow attacks than chroot your apache. I'd love to hear that there are no known buffer overflow attacks in PHP core (the Zend Engine) nor in the XML/RPC extension, and both If there is such an attack, it would be fixed in cvs. personnel, preferably somebody with a verifiable reputation in security. Are you speaking of SANS? The guys telling the world that the PHP flaw is too hard to realisticly exploit it? The guys who are responsible for lot of admins not upgrading because they believe that it is too hard to exploit? Stefan Esser PS: anything written in this mail is my personal opinion and I do not speak for the rest of the php developers. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] mysql/config.m4 breakage
Jani's commit introduced a failure, because it did not take a restriction into concern. Quote from the announcement: Now, you need to tell the build system that you want to build files in a directory called $ext_builddir/lib: PHP_ADD_BUILD_DIR($ext_builddir/lib) Make sure to call this after PHP_NEW_EXTENSION, because $ext_builddir is only set by the latter. I've committed the whole text as README.UNIX-BUILD-SYSTEM. - Sascha Experience IRCG http://schumann.cx/http://schumann.cx/ircg -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] fgetss_state - seemingly unused
On 2002-03-19 16:40:51, Rasmus Lerdorf wrote: This is a remnant from my original implementation in PHP 2. It was committed: Mon May 20 15:20:25 1996 (5 years, 10 months ago) Some code never goes away ;-) ... Having that level of revision history is actually pretty cool if you ask me. This is the diff: Yes, it's really nice to have such a long history. So it did actually make sense at one point. It has just sort of lost its way over the years. So it should be save to remove the *getss_state variables? Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] 420 configure broken
I just tried to ./configure on one of our old work maschines and got buildconf: checking installation... buildconf: autoconf version 2.13 (ok) buildconf: automake version 1.4 (ok) buildconf: libtool version 1.4.2 (ok) ./configure ... ... checking for ICAP support... no checking for iconv support... no ./configure: line 27609: syntax error near unexpected token `|pthread*' ./configure: line 27609: ` c|c_r|pthread*' Stefan -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Session Patch
Walter A. Boring IV wrote: The patch provides: configure option --enable-app-session, which turns on the new functions. session_get_list() : function which returns an array of active session ids. session_get_data() : function which returns the session data array of a particular session id. session_destroy_id() : destroys a particular session. What's the purpose of this, what's the difference to msession? Ulf -- Free for Freelancing: PHP (Anwendungsentwicklung, Schulungen) Berufserfahrung, Kongressannahmen... http://www.ulf-wendel.de -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: question concerning rc1
Hello, On Tue, 19 Mar 2002 [EMAIL PROTECTED] wrote: hmmm would it be a possible to add the ftp safe_mode features to 420 if we simply add a configuration line like ftp_safe_mode = On/Off defaulting to Off? It's still a new feature then, and I dont like the idea of adding yet another configuration directive for this. It's part of the safe_mode, and should be used as such. So I think the wisest idea is to skip it for 4.2.0. Derick That way there is some additional feature but it is turned off by default and we are safe if we get bug reports like ftp extension security hole (infact i dont know the number, but there is already such a report) Stefan -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] CVS Account Request: lmaxcar
I wanna help the php community translating some documents in english to portuguese (pt_BR) because brazilians doesn´t undestand english and there isn´t a PHP manual in portuguese. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Proposed new mail function mailfx()
I've written another mail function to deal with one of our ISP clients' needs. I don't know if the functionality is found elsewhere - nowhere in the documentation that I have seen, though. The standard mail function is mail( to, subject, message, optional-headers ) The client had two issues. First is not a big deal, they had a file to send but mail() wants a string for the body. A file can be read into a string, so that's not major, but still it'd be nice to be able to read the content from a file, especially when the content is large. Second issue was more critical. We need for the user to coerce their identity for sendmail using -f, but there's no way to pass additional parameters to the mailer with mail(). The php.ini is sitewide and the users need to submit different values for -f. I've written and done preliminary testing for a function mailfx( to, subject, filename, optional-headers, optional-parameters ) where mailfx means mail from file, extended. The optional parameters are appended to the mailer path before the mailer is invoked, so that allows -f username for sendmail. The length of the mailer path plus the parameters is verified not to exceed the length of the buffer used to do this. The optional headers are used as with mail(). The filename replaces the string. Now, the file is checked and opened (code ripped off from ext/standard/file.c), and the contents are read in and written to the mailer. The version I have works on Unix. I've left the relevant ifdef WIN32's in place for a Windows person to complete the Windows version (since I won't assume parameters are handled the same on Windows.) Hopefully not much work there. Having the parameter version read a file and the normal version use a string is a little awkward, maybe a better thing to do is make an extended function that provides a flag to indicate if the source is a file or a string. Yet another argument... Anyway, this thing works for me as an integral part of PHP4 - I used the code of php-4.0.3pl1 to do this. Something like this would be generally useful. If PHP core team is interested, let me know what I need to submit for review for possible inclusion. -ecsd -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] OT? buffer overflow attacks
Stefan Esser wrote: The team is willing to concede that bad installation accounts for most of the problems -- But are still concerned about buffer overflow attacks. If you are sooo concerned about buffer overflow attacks than chroot your apache. And use libsafe or smilar tools if you would like. -- Yasuo Ohgaki -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure broken: Iconv detection still not right...
Can you try the latest CVS now? I accidently committed something that is only available in autoconf 2.52. (odd thing is that it worked for me even with 2.13) --Jani On Sun, 24 Mar 2002, Adam Maccabee Trachtenberg wrote: It happens with me w/ latest CVS. autoconf 2.13, automake 1.4p5, libtool 1.4. -adam On Wed, 20 Mar 2002, Jani Taskinen wrote: And this happens with latest CVS? Which autoconf/automake/etc versions you have? --Jani On Wed, 20 Mar 2002, Wez Furlong wrote: Hey guys, There's something screwy with the iconv detection/config that's mangling configure - it's generating code like this: Line 28183 or so of configure: case $iconv_lib_name in c|c_r|pthread* fi ;; *) LIBS=-l$iconv_lib_name $LIBS ;; esac The fi looks totally bogus to me, and it looks like there is a missing ) after pthread* --Wez. -- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] mysql/config.m4 breakage
Excellent. Hopefully it's now fixed. --Jani On Wed, 20 Mar 2002, Sascha Schumann wrote: Jani's commit introduced a failure, because it did not take a restriction into concern. Quote from the announcement: Now, you need to tell the build system that you want to build files in a directory called $ext_builddir/lib: PHP_ADD_BUILD_DIR($ext_builddir/lib) Make sure to call this after PHP_NEW_EXTENSION, because $ext_builddir is only set by the latter. I've committed the whole text as README.UNIX-BUILD-SYSTEM. - Sascha Experience IRCG http://schumann.cx/http://schumann.cx/ircg -- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Floating point comparisons - A fix
Rasmus,
It seems performance is your main concern, mine too.
Just because nobody else does it is of course not
reason enough not to do
it, but doing 2 sprintf's for every floating point comparison makes
me
cringe.
Two sprintfs made me cringe too when I tried it. That's why the code
I suggest takes this into account:-
> The effect on double comparisons is not negligible. sprintf's are
> relatively expensive in terms of performance and adding the overhead of
> two sprintfs to every single double compare would have been nasty.
>
> To minimise this the new compare_function code first of all checks that
> the operands are not already equal and are "close enough" that a string
> compare is necessary before forcing the sprintfs. The test is for (a-b)
> != 0 ((a-b)/a) 1e-(precision-1) e.g. (0.2 - 0.1) != 0 ((0.2 -
> 0.1)/0.1) 1e-13.
The overall performance hit is basically the same as single character
comparisons i.e. fixed 0.8 == 0.7 + 0.1 runs as fast as 'a' == 'b'.
That doesn't seem unreasonable to me, strings are after all the most important
type in php. It runs faster than '0.8' == '0.8'. The sprintfs
hit is typically only required when we are genuinely hitting recurring
binary representation of decimals problems e.g. 0.1. It may be serious,
but it will also be rare.
That'd be a pretty serious performance hit to take.
Do you know of any
language where floating point comparisons work like that? Certainly
in
both C and Perl you will never get 0.8 to equal 0.7+0.1 exactly.
As to other languages, you appear to be correct when it comes to php's
e.g. perl/mysql. However, the reason this struck me as so ridiculous
in the first place, is that for 15 years I used 4GL/RADs (Info, Structure/4,
sqr), where I never dreamt of this problem. Of course, these
were commercial products heavily used in financial applications in big
corporates, so obviously this was resolved in their very early days.
I am obdurate on this issue and will remain so. It may seem entirely
natural to a C programmer, but, php is not for C programmers and it's ridiculous
to do so much superb work on making php type-less and then let this through.
I'd expect it from Perl, which is why I don't use Perl. I don't
expect it from MySQL and PHP. In one sense MySQL is much worse in
that the recurring binary problem is not even resolved for fields
with their own explicit precisions e.g. decimal(5,2). On the other
hand the MySQL comparison/floor functions are much less central to the
tool's core useage. You can be confident that I will be taking this
up with the MySQL developers, but I thought I'd better start with php!
George
-Rasmus
On Tue, 19 Mar 2002, George Whiffen wrote:
> Hi Folks,
>
> 0.8 == 0.7 + 0.1 or does it?
>
> I know I've brought this up before, but it's still driving me nuts,
and
> I still don't know how to explain it to a novice, so rather than
go on
> ranting I thought I'd try a fix.
>
> I'm no C programmer, and what I know about php source can be written
on
> the back of a very small envelope. But at least you can laugh
at my
> appalling code, and, hopefully, explain to me why it can't go in
the
> next release ;).
>
> Summary
> ===
> The fix is based on a string convert and comparison. It seems to
work,
> is not too serious from a performance point of view, and only involves
> two sources, four functions and a 100 lines or so of code.
It does not
> create cumulative rounding errors, is easily controlled via an existing
> ini variable i.e. "precision" and improves the consistency of php's
use
> of precision.
>
> The Bugs/Undesirable Features
> =
> 0.8 == 0.7 + 0.1 evaluates to false
> (int) (8.2 - 0.2) evaluates 7
> intval(8.2 - 0.2) evaluates to 7
> floor(10 * (0.7 + 0.1)) evaluates to 7
> ceil (10 * (-0.7 + -0.1) evaluates to -7
>
> Basis of the Fix
> ==
> In general these would all evaluate correctly if they were evaluated
to
> the precision specified in php.ini (typically 14 for IEEE 64bit).
>
> The fix replaces the current equality test on doubles, (a - b ==
0),
> with a string compare to 'precision' decimal places e.g.
> sprintf("%.14G",a) == sprintf("%.14G",b). This is a modification
to the
> doubles section of the Zend/zend_operators.c compare_function, which
> ultimately handles all comparisons, ==, !=, >=, >, , =.
>
> Floor, ceil, (int), intval(), are fixed with an equality check of
their
> integer result to one above or below it, (as appropriate) via
the
> modified compare_function.
>
> e.g. floor becomes
> if a == floor(a) + 1
> return floor(a) + 1;
> else
> return floor(a)
>
> Apart from some performance tweaks, that's about it i.e.
> Zend/zend_operators.c:compare_function
> Zend/zend_operators.c:convert_to_long_base
> ext/standard/math.c:ceil
> ext/standard/math.c:floor
>
> Testing
> ===
> The fixes seem to work. However, they have only been tested on a
4.1.2
> source under Linux 2.4.8-26mdk. They solve the problems listed above
> and do as well as a basic cgi build of
Re: [PHP-DEV] 420 configure broken
Try the HEAD branch. And let me know if it works now. --Jani On Wed, 20 Mar 2002 [EMAIL PROTECTED] wrote: I just tried to ./configure on one of our old work maschines and got buildconf: checking installation... buildconf: autoconf version 2.13 (ok) buildconf: automake version 1.4 (ok) buildconf: libtool version 1.4.2 (ok) ./configure ... ... checking for ICAP support... no checking for iconv support... no ./configure: line 27609: syntax error near unexpected token `|pthread*' ./configure: line 27609: ` c|c_r|pthread*' Stefan -- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Floating point comparisons - A fix
Marcus Börger wrote:
But there is an I-triple-E standard (as mentioned) and that has - the
nature of floating point dictates it - only a small amount of relevant
numbers. Additionally computers work with binary data whereas
humans work with decimals. Therfore you cannot expect floating point
numbers to be able to represent the exact value you want to have.
You cn expect floating point numbers to represent the value you want to a
sufficiently low precision. In the case of IEEE 64bit, the default php
precision of 14 is fine. My point is to use it on comparisons by default.
*Everyone* who knows a little bit of mathematics and programming should
know this.
Conclusion there is no need to slow donw performance...
But you have to slow down performance to fix this when you actually program your
own rounding or whatever. In general, I believe you slow down performance much
less overall by using my fix. The performance issue is ultimately about overall
application performance.
I had to work hard to find test scenarios where any performance difference was
measurable. Try the fix on an actual application where you think you might
suffer and see if you can measure the difference!
But the idea is not so bad... so when thinking about inclusion it should
be a feature that is disabled by default.
marcus
At 01:22 20.03.2002, you wrote:
That'd be a pretty serious performance hit to take. Do you know of any
language where floating point comparisons work like that? Certainly in
both C and Perl you will never get 0.8 to equal 0.7+0.1 exactly.
Just because nobody else does it is of course not reason enough not to do
it, but doing 2 sprintf's for every floating point comparison makes me
cringe.
-Rasmus
On Tue, 19 Mar 2002, George Whiffen wrote:
Hi Folks,
0.8 == 0.7 + 0.1 or does it?
I know I've brought this up before, but it's still driving me nuts, and
I still don't know how to explain it to a novice, so rather than go on
ranting I thought I'd try a fix.
I'm no C programmer, and what I know about php source can be written on
the back of a very small envelope. But at least you can laugh at my
appalling code, and, hopefully, explain to me why it can't go in the
next release ;).
Summary
===
The fix is based on a string convert and comparison. It seems to work,
is not too serious from a performance point of view, and only involves
two sources, four functions and a 100 lines or so of code. It does not
create cumulative rounding errors, is easily controlled via an existing
ini variable i.e. precision and improves the consistency of php's use
of precision.
The Bugs/Undesirable Features
=
0.8 == 0.7 + 0.1 evaluates to false
(int) (8.2 - 0.2) evaluates 7
intval(8.2 - 0.2) evaluates to 7
floor(10 * (0.7 + 0.1)) evaluates to 7
ceil (10 * (-0.7 + -0.1) evaluates to -7
Basis of the Fix
==
In general these would all evaluate correctly if they were evaluated to
the precision specified in php.ini (typically 14 for IEEE 64bit).
The fix replaces the current equality test on doubles, (a - b == 0),
with a string compare to 'precision' decimal places e.g.
sprintf(%.14G,a) == sprintf(%.14G,b). This is a modification to the
doubles section of the Zend/zend_operators.c compare_function, which
ultimately handles all comparisons, ==, !=, =, , , =.
Floor, ceil, (int), intval(), are fixed with an equality check of their
integer result to one above or below it, (as appropriate) via the
modified compare_function.
e.g. floor becomes
if a == floor(a) + 1
return floor(a) + 1;
else
return floor(a)
Apart from some performance tweaks, that's about it i.e.
Zend/zend_operators.c:compare_function
Zend/zend_operators.c:convert_to_long_base
ext/standard/math.c:ceil
ext/standard/math.c:floor
Testing
===
The fixes seem to work. However, they have only been tested on a 4.1.2
source under Linux 2.4.8-26mdk. They solve the problems listed above
and do as well as a basic cgi build of 4.1.2 on run-tests.php (i.e.
they pass everything except pow.phpt, pear_registry.phpt and 029.phpt).
They also seem to behave identically to an unfixed version if
'precision' is set high enough e.g. set_ini('precision',18).
Backward Compatibility
I've tried and failed to come up with a realistic scenario where this
fix compromises existing user code.
The main reason is that string, printf, sprintf already force the
precision set in php.ini. This means it quite difficult for someone to
have exploited the fact that compare_function does not. To hit problems
with the fix they would have to have first decided they care about the
digits beyond 'precision', but do not care enough to use the bc
library. They then have to gone to some trouble to get hold of
Re: [PHP-DEV] Floating point comparisons - A fix
Alan Knowles wrote:
wouldnt ~== ,~, ~, ~= etc. be relivant here -
from what I remember of maths, (to long ago) ~ was the symbol for
similar (and 2 together for approximatly equal) - hey even found a
reference for it...
http://www.gomath.com/htdocs/ToGosheet/algebra/mathsymbols.html
I certainly wouldn't advocate any new operators for this. The point is to
make string and floating point comparison consistent for php, and thereby, by
default, remove the recurring binary representation of decimal issue i.e. so
that the following all give the same result:
0.8 == 0.7 + 0.1
('Answer='. 0.8) == ('Answer=' . (0.7 + 0.1))
(string) 0.8 == (string) 0.7 + 0.1
(int) (10 * 0.8) == (int) (10 * (0.7 + 0.1))
print 0.8 and print 0.7 + 0.1
etc.
Introducing new operators would only make php more typed rather than
less.George
the only thing is it would confuse perl people :) =~ (it;s the regex
symbol in perl)
regards
alan
Rasmus Lerdorf wrote:
That'd be a pretty serious performance hit to take. Do you know of any
language where floating point comparisons work like that? Certainly in
both C and Perl you will never get 0.8 to equal 0.7+0.1 exactly.
Just because nobody else does it is of course not reason enough not to do
it, but doing 2 sprintf's for every floating point comparison makes me
cringe.
-Rasmus
On Tue, 19 Mar 2002, George Whiffen wrote:
Hi Folks,
0.8 == 0.7 + 0.1 or does it?
I know I've brought this up before, but it's still driving me nuts, and
I still don't know how to explain it to a novice, so rather than go on
ranting I thought I'd try a fix.
I'm no C programmer, and what I know about php source can be written on
the back of a very small envelope. But at least you can laugh at my
appalling code, and, hopefully, explain to me why it can't go in the
next release ;).
Summary
===
The fix is based on a string convert and comparison. It seems to work,
is not too serious from a performance point of view, and only involves
two sources, four functions and a 100 lines or so of code. It does not
create cumulative rounding errors, is easily controlled via an existing
ini variable i.e. precision and improves the consistency of php's use
of precision.
The Bugs/Undesirable Features
=
0.8 == 0.7 + 0.1 evaluates to false
(int) (8.2 - 0.2) evaluates 7
intval(8.2 - 0.2) evaluates to 7
floor(10 * (0.7 + 0.1)) evaluates to 7
ceil (10 * (-0.7 + -0.1) evaluates to -7
Basis of the Fix
==
In general these would all evaluate correctly if they were evaluated to
the precision specified in php.ini (typically 14 for IEEE 64bit).
The fix replaces the current equality test on doubles, (a - b == 0),
with a string compare to 'precision' decimal places e.g.
sprintf(%.14G,a) == sprintf(%.14G,b). This is a modification to the
doubles section of the Zend/zend_operators.c compare_function, which
ultimately handles all comparisons, ==, !=, =, , , =.
Floor, ceil, (int), intval(), are fixed with an equality check of their
integer result to one above or below it, (as appropriate) via the
modified compare_function.
e.g. floor becomes
if a == floor(a) + 1
return floor(a) + 1;
else
return floor(a)
Apart from some performance tweaks, that's about it i.e.
Zend/zend_operators.c:compare_function
Zend/zend_operators.c:convert_to_long_base
ext/standard/math.c:ceil
ext/standard/math.c:floor
Testing
===
The fixes seem to work. However, they have only been tested on a 4.1.2
source under Linux 2.4.8-26mdk. They solve the problems listed above
and do as well as a basic cgi build of 4.1.2 on run-tests.php (i.e.
they pass everything except pow.phpt, pear_registry.phpt and 029.phpt).
They also seem to behave identically to an unfixed version if
'precision' is set high enough e.g. set_ini('precision',18).
Backward Compatibility
I've tried and failed to come up with a realistic scenario where this
fix compromises existing user code.
The main reason is that string, printf, sprintf already force the
precision set in php.ini. This means it quite difficult for someone to
have exploited the fact that compare_function does not. To hit problems
with the fix they would have to have first decided they care about the
digits beyond 'precision', but do not care enough to use the bc
library. They then have to gone to some trouble to get hold of those
extra digits. They could not, for instance, easily get them into a page
or database without a conversion to string automatically removing the
extra digits along the way.
In contrast to a round to precision after each floating point
operation approach, (which would be a nightmare), these fixes should
not create any new issues with cumulative rounding errors. All the
changed functions already return booleans, ints, or integer-rounded
floats.
In any case, everything can easily be reverted to the old functionality
at
Re: [PHP-DEV] configure broken: Iconv detection still not right...
On 20/03/02, Jani Taskinen [EMAIL PROTECTED] wrote: Can you try the latest CVS now? I accidently committed something that is only available in autoconf 2.52. (odd thing is that it worked for me even with 2.13) Still not quite right; configure is no longer mangled but much later, mysql detection fails because it can't find iconv: config.log: configure:39290: checking for mysql_error in -lmysqlclient configure:39309: gcc -o conftest -g -O2 -L/usr/lib -L/usr/lib/mysql -Wl,-rpath,/usr/local/lib -L/usr/local/lib -Wl,-rpath,/usr -L/usr conftest.c -lmysqlclient -lz -liconv -lintl -lgd -lfreetype -lpng -lz -ljpeg -lbz2 -lz -lcrypt -lssl -lcrypto -lresolv -lm -ldl -lnsl -lresolv -lcrypt 15 /usr/i486-suse-linux/bin/ld: cannot find -liconv I'm running SuSE 7.0 on that box; glibc 2.1 with iconv in libc (IIRC). Actually, a lot of tests fail for the same reason. --Wez. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] fgetss_state - seemingly unused
It is safe to remove, yes, since it doesn't do anything anymore. However, the original function was able to parse multi-line tags correctly which the current one no longer does. So instead of just removing it, we should consider re-introducing that feature. -Rasmus On Wed, 20 Mar 2002, Stefan Roehrich wrote: On 2002-03-19 16:40:51, Rasmus Lerdorf wrote: This is a remnant from my original implementation in PHP 2. It was committed: Mon May 20 15:20:25 1996 (5 years, 10 months ago) Some code never goes away ;-) ... Having that level of revision history is actually pretty cool if you ask me. This is the diff: Yes, it's really nice to have such a long history. So it did actually make sense at one point. It has just sort of lost its way over the years. So it should be save to remove the *getss_state variables? Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] fgetss_state - seemingly unused
It was my intention to put the state into the stream structure and nuke the global, so that the state is per stream, which makes a bit more sense since running two fgetss() in parallel would get confused otherwise. Are there problems with that? --Wez. On 20/03/02, Rasmus Lerdorf [EMAIL PROTECTED] wrote: It is safe to remove, yes, since it doesn't do anything anymore. However, the original function was able to parse multi-line tags correctly which the current one no longer does. So instead of just removing it, we should consider re-introducing that feature. -Rasmus On Wed, 20 Mar 2002, Stefan Roehrich wrote: On 2002-03-19 16:40:51, Rasmus Lerdorf wrote: This is a remnant from my original implementation in PHP 2. It was committed: Mon May 20 15:20:25 1996 (5 years, 10 months ago) Some code never goes away ;-) ... Having that level of revision history is actually pretty cool if you ask me. This is the diff: Yes, it's really nice to have such a long history. So it did actually make sense at one point. It has just sort of lost its way over the years. So it should be save to remove the *getss_state variables? Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Proposed new mail function mailfx()
Was it really not sufficient to simply set the From: header appropriately and make sure that your Apache user id was configured as a trusted sendmail user? On Wed, 20 Mar 2002, Eric Dynamic wrote: I've written another mail function to deal with one of our ISP clients' needs. I don't know if the functionality is found elsewhere - nowhere in the documentation that I have seen, though. The standard mail function is mail( to, subject, message, optional-headers ) The client had two issues. First is not a big deal, they had a file to send but mail() wants a string for the body. A file can be read into a string, so that's not major, but still it'd be nice to be able to read the content from a file, especially when the content is large. Second issue was more critical. We need for the user to coerce their identity for sendmail using -f, but there's no way to pass additional parameters to the mailer with mail(). The php.ini is sitewide and the users need to submit different values for -f. I've written and done preliminary testing for a function mailfx( to, subject, filename, optional-headers, optional-parameters ) where mailfx means mail from file, extended. The optional parameters are appended to the mailer path before the mailer is invoked, so that allows -f username for sendmail. The length of the mailer path plus the parameters is verified not to exceed the length of the buffer used to do this. The optional headers are used as with mail(). The filename replaces the string. Now, the file is checked and opened (code ripped off from ext/standard/file.c), and the contents are read in and written to the mailer. The version I have works on Unix. I've left the relevant ifdef WIN32's in place for a Windows person to complete the Windows version (since I won't assume parameters are handled the same on Windows.) Hopefully not much work there. Having the parameter version read a file and the normal version use a string is a little awkward, maybe a better thing to do is make an extended function that provides a flag to indicate if the source is a file or a string. Yet another argument... Anyway, this thing works for me as an integral part of PHP4 - I used the code of php-4.0.3pl1 to do this. Something like this would be generally useful. If PHP core team is interested, let me know what I need to submit for review for possible inclusion. -ecsd -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] fgetss_state - seemingly unused
That sounds good. On Wed, 20 Mar 2002, Wez Furlong wrote: It was my intention to put the state into the stream structure and nuke the global, so that the state is per stream, which makes a bit more sense since running two fgetss() in parallel would get confused otherwise. Are there problems with that? --Wez. On 20/03/02, Rasmus Lerdorf [EMAIL PROTECTED] wrote: It is safe to remove, yes, since it doesn't do anything anymore. However, the original function was able to parse multi-line tags correctly which the current one no longer does. So instead of just removing it, we should consider re-introducing that feature. -Rasmus On Wed, 20 Mar 2002, Stefan Roehrich wrote: On 2002-03-19 16:40:51, Rasmus Lerdorf wrote: This is a remnant from my original implementation in PHP 2. It was committed: Mon May 20 15:20:25 1996 (5 years, 10 months ago) Some code never goes away ;-) ... Having that level of revision history is actually pretty cool if you ask me. This is the diff: Yes, it's really nice to have such a long history. So it did actually make sense at one point. It has just sort of lost its way over the years. So it should be save to remove the *getss_state variables? Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Proposed new mail function mailfx()
Current mail() implementation already has fifth optional
argument which does exactly what you want.
And, for the 'file', it's as easy as writing:
mail('To', 'Subject', join('',file('filename')), ...
not that hard ...
I don't think another mail*() function whith no significat
enhancements is a good idea.
- Markus
On Wed, Mar 20, 2002 at 02:48:48AM -0800, Eric Dynamic wrote :
I've written another mail function to deal with one of our ISP clients' needs.
I don't know if the functionality is found elsewhere - nowhere in the documentation
that I have seen, though.
The standard mail function is
mail( to, subject, message, optional-headers )
The client had two issues. First is not a big deal, they had a file to send but
mail()
wants a string for the body. A file can be read into a string, so that's not major,
but
still it'd be nice to be able to read the content from a file, especially when the
content
is large.
Second issue was more critical. We need for the user to coerce their identity for
sendmail using -f, but there's no way to pass additional parameters to the mailer
with mail(). The php.ini is sitewide and the users need to submit different values
for -f.
I've written and done preliminary testing for a function
mailfx( to, subject, filename, optional-headers, optional-parameters )
where mailfx means mail from file, extended.
The optional parameters are appended to the mailer path before the mailer is invoked,
so that allows -f username for sendmail. The length of the mailer path plus the
parameters is verified not to exceed the length of the buffer used to do this.
The optional headers are used as with mail().
The filename replaces the string. Now, the file is checked and opened (code ripped
off
from ext/standard/file.c), and the contents are read in and written to the mailer.
The version I have works on Unix. I've left the relevant ifdef WIN32's in place for a
Windows person to complete the Windows version (since I won't assume parameters are
handled the same on Windows.) Hopefully not much work there.
Having the parameter version read a file and the normal version use a string is a
little
awkward, maybe a better thing to do is make an extended function that provides a flag
to indicate if the source is a file or a string. Yet another argument... Anyway, this
thing works for me as an integral part of PHP4 - I used the code of php-4.0.3pl1 to
do this.
Something like this would be generally useful. If PHP core team is interested, let
me know
what I need to submit for review for possible inclusion.
-ecsd
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
--
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Proposed new mail function mailfx()
On Wed, 20 Mar 2002, Rasmus Lerdorf wrote: Was it really not sufficient to simply set the From: header appropriately and make sure that your Apache user id was configured as a trusted sendmail user? As far as I know you need to specify the -f parameter (5th parameter of mail()) and set the Apache user id as a truster user. Derick On Wed, 20 Mar 2002, Eric Dynamic wrote: I've written another mail function to deal with one of our ISP clients' needs. I don't know if the functionality is found elsewhere - nowhere in the documentation that I have seen, though. The standard mail function is mail( to, subject, message, optional-headers ) The client had two issues. First is not a big deal, they had a file to send but mail() wants a string for the body. A file can be read into a string, so that's not major, but still it'd be nice to be able to read the content from a file, especially when the content is large. Second issue was more critical. We need for the user to coerce their identity for sendmail using -f, but there's no way to pass additional parameters to the mailer with mail(). The php.ini is sitewide and the users need to submit different values for -f. I've written and done preliminary testing for a function mailfx( to, subject, filename, optional-headers, optional-parameters ) where mailfx means mail from file, extended. The optional parameters are appended to the mailer path before the mailer is invoked, so that allows -f username for sendmail. The length of the mailer path plus the parameters is verified not to exceed the length of the buffer used to do this. The optional headers are used as with mail(). The filename replaces the string. Now, the file is checked and opened (code ripped off from ext/standard/file.c), and the contents are read in and written to the mailer. The version I have works on Unix. I've left the relevant ifdef WIN32's in place for a Windows person to complete the Windows version (since I won't assume parameters are handled the same on Windows.) Hopefully not much work there. Having the parameter version read a file and the normal version use a string is a little awkward, maybe a better thing to do is make an extended function that provides a flag to indicate if the source is a file or a string. Yet another argument... Anyway, this thing works for me as an integral part of PHP4 - I used the code of php-4.0.3pl1 to do this. Something like this would be generally useful. If PHP core team is interested, let me know what I need to submit for review for possible inclusion. -ecsd -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php --- PHP: Scripting the Web - [EMAIL PROTECTED] All your branches are belong to me! SRM: Script Running Machine - www.vl-srm.net --- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] fgetss_state - seemingly unused
On 2002-03-20 04:51:35, Rasmus Lerdorf wrote: That sounds good. On Wed, 20 Mar 2002, Wez Furlong wrote: It was my intention to put the state into the stream structure and nuke the global, so that the state is per stream, which makes a bit more sense since running two fgetss() in parallel would get confused otherwise. Yes, it really sounds like a good idea, and I'm sure that there will be more ideas, how stream state variables can be used ;-). Stefan -- Stefan Röhrich [EMAIL PROTECTED], [EMAIL PROTECTED] http://www.roehri.ch/~sr/ -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] configure broken: Iconv detection still not right...
I think Sascha fixed this..can you check it? --Jani On Wed, 20 Mar 2002, Wez Furlong wrote: On 20/03/02, Jani Taskinen [EMAIL PROTECTED] wrote: Can you try the latest CVS now? I accidently committed something that is only available in autoconf 2.52. (odd thing is that it worked for me even with 2.13) Still not quite right; configure is no longer mangled but much later, mysql detection fails because it can't find iconv: config.log: configure:39290: checking for mysql_error in -lmysqlclient configure:39309: gcc -o conftest -g -O2 -L/usr/lib -L/usr/lib/mysql -Wl,-rpath,/usr/local/lib -L/usr/local/lib -Wl,-rpath,/usr -L/usr conftest.c -lmysqlclient -lz -liconv -lintl -lgd -lfreetype -lpng -lz -ljpeg -lbz2 -lz -lcrypt -lssl -lcrypto -lresolv -lm -ldl -lnsl -lresolv -lcrypt 15 /usr/i486-suse-linux/bin/ld: cannot find -liconv I'm running SuSE 7.0 on that box; glibc 2.1 with iconv in libc (IIRC). Actually, a lot of tests fail for the same reason. --Wez. -- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] popen: exec.c and file.c
Hey, I've noticed that we use php_Exec for the following php functions: exec, system, passthru and a couple of functions in vpopmail. But we bypass php_Exec for popen, shell_exec (backticks). The difference between using php_Exec and not using it, apart from the various modes of operation in php_Exec, is that php_Exec does some additional sanity/security checks in safe_mode. This difference only really affects the PHP popen() function. Should it be doing the same checks as php_Exec? The reason that I am looking at this stuff is that I am now toying with the idea of a process stream that will effectively be the same as a popen()ed FILE * but will allow both reading and writing to/from the process. It would be implemented by manually creating a pipe for stdin and another for stdout and setting them up for the exec'd process. Under windows it's a slightly different story but I do have some code laying around that can be used for this purpose. Comments anyone? --Wez. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] PHP 4.1.2 GNU Bison 1.34
Hi, I noticed that configure fails checking bison 1.34. The output of bison 1.28 when running bison -V is: GNU Bison version 1.28 but in version 1.34 the output is: bison (GNU Bison) 1.34 Copyright 1984, 1986, 1989, 1992, 2000, 2001, 2002 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. This is how I fixed that problem I changed configure line 1956 from set `bison -V | sed -e 's/^GNU Bison version //'` to set `bison -V | head -1 | sed -e 's/^bison (GNU Bison) //g' | sed -e 's/^GNU Bison version //'` -Juha Moisio- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] OT? buffer overflow attacks
At 10:50 AM 3/20/2002, Stefan Esser wrote: PS: anything written in this mail is my personal opinion and I do not speak for the rest of the php developers. You spoke for me, alright :) Zeev -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP 4.1.2 GNU Bison 1.34
IIRC, I fixed this long time ago in CVS HEAD. Try a snapshot from http://snaps.php.net Same fix will be in PHP 4.2.0 too. --Jani On Wed, 20 Mar 2002, Moisio Juha wrote: Hi, I noticed that configure fails checking bison 1.34. The output of bison 1.28 when running bison -V is: GNU Bison version 1.28 but in version 1.34 the output is: bison (GNU Bison) 1.34 Copyright 1984, 1986, 1989, 1992, 2000, 2001, 2002 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. This is how I fixed that problem I changed configure line 1956 from set `bison -V | sed -e 's/^GNU Bison version //'` to set `bison -V | head -1 | sed -e 's/^bison (GNU Bison) //g' | sed -e 's/^GNU Bison version //'` -Juha Moisio- -- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] session.send_cache_headers as new ini entry
Hi We had a problem, sending dynamically generated pdf documents to MSIE 5.5, if we used sessions. It looked like the Cache-Control and Pragma Headers caused the problem, therefore i created a patch for session.c with a new ini-directive session.send_cache_headers. If this is set to false, then this headers are not sent and MSIE will not crash. I'm not sure if this is the right way, or if there are better solutions, or if i did it correctly, but you can find the patch (for HEAD) at http://trash.chregu.tv/session.diff As I heard, a lot of people have this problem, maybe this workaround could be a saver for them :) chregu -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] session.send_cache_headers as new ini entry
Christian, could you do me a favour and pasting the offending HTTP headers which caused the problem? I'm investigating a similar problem here. - Markus On Wed, Mar 20, 2002 at 05:47:35PM +0100, Christian Stocker wrote : Hi We had a problem, sending dynamically generated pdf documents to MSIE 5.5, if we used sessions. It looked like the Cache-Control and Pragma Headers caused the problem, therefore i created a patch for session.c with a new ini-directive session.send_cache_headers. If this is set to false, then this headers are not sent and MSIE will not crash. I'm not sure if this is the right way, or if there are better solutions, or if i did it correctly, but you can find the patch (for HEAD) at http://trash.chregu.tv/session.diff As I heard, a lot of people have this problem, maybe this workaround could be a saver for them :) chregu -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- Please always Cc to me when replying to me on the lists. GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Session Patch
The patch provides: configure option --enable-app-session, which turns on the new functions. session_get_list() : function which returns an array of active session ids. session_get_data() : function which returns the session data array of a particular session id. session_destroy_id() : destroys a particular session. What's the purpose of this, what's the difference to msession? First of all, these functions are new functions that extend the standard session support functionality. So these allow folks who are using libmm, files, user save handlers to get application session support. Second, you don't have to install another library and daemon just to get application session support. I have no idea what kind of state the Phoenix project is in, but I don't want to have to install it just to get something that could come for free w/ PHP's built in session support. I think I can prolly merge session_destroy_id() in with session_destroy(). Walt -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] session.send_cache_headers as new ini entry
Hi I commented out Cache-Control, Pragma and Expires and this helped... Didn't investigate further, since it worked with that :) Maybe just one of these headers is really offending... chregu On Wed, 20 Mar 2002, Markus Fischer wrote: Christian, could you do me a favour and pasting the offending HTTP headers which caused the problem? I'm investigating a similar problem here. - Markus On Wed, Mar 20, 2002 at 05:47:35PM +0100, Christian Stocker wrote : Hi We had a problem, sending dynamically generated pdf documents to MSIE 5.5, if we used sessions. It looked like the Cache-Control and Pragma Headers caused the problem, therefore i created a patch for session.c with a new ini-directive session.send_cache_headers. If this is set to false, then this headers are not sent and MSIE will not crash. I'm not sure if this is the right way, or if there are better solutions, or if i did it correctly, but you can find the patch (for HEAD) at http://trash.chregu.tv/session.diff As I heard, a lot of people have this problem, maybe this workaround could be a saver for them :) chregu -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- nam...christian stockeradr...bremgartnerstr. 66, ch-8003 zurich pho...+41 1 451 6021 www...http://phant.ch/chregu mob...+41 76 561 8860 [EMAIL PROTECTED] wor...+41 1 240 5670 gpg...0x5CE1DECB -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] session.send_cache_headers as new ini entry
I forgot to ask also .. what did you expirience exactly? Crash of the Internet Explorer Client (Browserwidnow suddenly closed) ? - Markus On Wed, Mar 20, 2002 at 06:20:36PM +0100, Christian Stocker wrote : Hi I commented out Cache-Control, Pragma and Expires and this helped... Didn't investigate further, since it worked with that :) Maybe just one of these headers is really offending... chregu On Wed, 20 Mar 2002, Markus Fischer wrote: Christian, could you do me a favour and pasting the offending HTTP headers which caused the problem? I'm investigating a similar problem here. - Markus On Wed, Mar 20, 2002 at 05:47:35PM +0100, Christian Stocker wrote : Hi We had a problem, sending dynamically generated pdf documents to MSIE 5.5, if we used sessions. It looked like the Cache-Control and Pragma Headers caused the problem, therefore i created a patch for session.c with a new ini-directive session.send_cache_headers. If this is set to false, then this headers are not sent and MSIE will not crash. I'm not sure if this is the right way, or if there are better solutions, or if i did it correctly, but you can find the patch (for HEAD) at http://trash.chregu.tv/session.diff As I heard, a lot of people have this problem, maybe this workaround could be a saver for them :) chregu -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- nam...christian stockeradr...bremgartnerstr. 66, ch-8003 zurich pho...+41 1 451 6021 www...http://phant.ch/chregu mob...+41 76 561 8860 [EMAIL PROTECTED] wor...+41 1 240 5670 gpg...0x5CE1DECB -- Please always Cc to me when replying to me on the lists. GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] session.send_cache_headers as new ini entry
Hi different behaviour -blank page and no crash -just a crash sometimes also a complete crash of MSIE 5.5, then only a windows (win2k) reboot helped to get it back completely. chregu On Wed, 20 Mar 2002, Markus Fischer wrote: I forgot to ask also .. what did you expirience exactly? Crash of the Internet Explorer Client (Browserwidnow suddenly closed) ? - Markus On Wed, Mar 20, 2002 at 06:20:36PM +0100, Christian Stocker wrote : Hi I commented out Cache-Control, Pragma and Expires and this helped... Didn't investigate further, since it worked with that :) Maybe just one of these headers is really offending... chregu On Wed, 20 Mar 2002, Markus Fischer wrote: Christian, could you do me a favour and pasting the offending HTTP headers which caused the problem? I'm investigating a similar problem here. - Markus On Wed, Mar 20, 2002 at 05:47:35PM +0100, Christian Stocker wrote : Hi We had a problem, sending dynamically generated pdf documents to MSIE 5.5, if we used sessions. It looked like the Cache-Control and Pragma Headers caused the problem, therefore i created a patch for session.c with a new ini-directive session.send_cache_headers. If this is set to false, then this headers are not sent and MSIE will not crash. I'm not sure if this is the right way, or if there are better solutions, or if i did it correctly, but you can find the patch (for HEAD) at http://trash.chregu.tv/session.diff As I heard, a lot of people have this problem, maybe this workaround could be a saver for them :) chregu -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- nam...christian stockeradr...bremgartnerstr. 66, ch-8003 zurich pho...+41 1 451 6021 www...http://phant.ch/chregu mob...+41 76 561 8860 [EMAIL PROTECTED] wor...+41 1 240 5670 gpg...0x5CE1DECB -- nam...christian stockeradr...bremgartnerstr. 66, ch-8003 zurich pho...+41 1 451 6021 www...http://phant.ch/chregu mob...+41 76 561 8860 [EMAIL PROTECTED] wor...+41 1 240 5670 gpg...0x5CE1DECB -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Win32 snmp ext
Title: Win32 snmp ext I am trying to build the php_snmp extension on my windows box and it says that I am missing the php.h file. Where can I find this header file? Thank you, Ray Hunter Firmware Engineer I ENTERASYS NETWORKS Phone: 801.887.9888 Fax: 801.972.5789 Email: [EMAIL PROTECTED] www: www.enterasys.com
Re: [PHP-DEV] Proposed new mail function mailfx()
I agree with Markus, it's fine as is.
Markus Fischer [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Current mail() implementation already has fifth optional
argument which does exactly what you want.
And, for the 'file', it's as easy as writing:
mail('To', 'Subject', join('',file('filename')), ...
not that hard ...
I don't think another mail*() function whith no significat
enhancements is a good idea.
- Markus
On Wed, Mar 20, 2002 at 02:48:48AM -0800, Eric Dynamic wrote :
I've written another mail function to deal with one of our ISP clients'
needs.
I don't know if the functionality is found elsewhere - nowhere in the
documentation
that I have seen, though.
The standard mail function is
mail( to, subject, message, optional-headers )
The client had two issues. First is not a big deal, they had a file to
send but mail()
wants a string for the body. A file can be read into a string, so that's
not major, but
still it'd be nice to be able to read the content from a file,
especially when the content
is large.
Second issue was more critical. We need for the user to coerce their
identity for
sendmail using -f, but there's no way to pass additional parameters to
the mailer
with mail(). The php.ini is sitewide and the users need to submit
different values for -f.
I've written and done preliminary testing for a function
mailfx( to, subject, filename, optional-headers, optional-parameters )
where mailfx means mail from file, extended.
The optional parameters are appended to the mailer path before the
mailer is invoked,
so that allows -f username for sendmail. The length of the mailer path
plus the
parameters is verified not to exceed the length of the buffer used to do
this.
The optional headers are used as with mail().
The filename replaces the string. Now, the file is checked and opened
(code ripped off
from ext/standard/file.c), and the contents are read in and written to
the mailer.
The version I have works on Unix. I've left the relevant ifdef WIN32's
in place for a
Windows person to complete the Windows version (since I won't assume
parameters are
handled the same on Windows.) Hopefully not much work there.
Having the parameter version read a file and the normal version use a
string is a little
awkward, maybe a better thing to do is make an extended function that
provides a flag
to indicate if the source is a file or a string. Yet another argument...
Anyway, this
thing works for me as an integral part of PHP4 - I used the code of
php-4.0.3pl1 to do this.
Something like this would be generally useful. If PHP core team is
interested, let me know
what I need to submit for review for possible inclusion.
-ecsd
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
--
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Proposed new mail function mailfx()
Markus Fischer wrote:
Current mail() implementation already has fifth optional
argument which does exactly what you want.
And, for the 'file', it's as easy as writing:
mail('To', 'Subject', join('',file('filename')), ...
not that hard ...
I don't think another mail*() function whith no significat
enhancements is a good idea.
- Markus
Okay. In the books and as of the last time I checked the online doc,
there was no 5th parameter. Since that's the primary purpose of the
new function, and since the input of a file versus a string is trivial,
scratch the new function.
-ecsd
--
PHP Development Mailing List http://www.php.net/
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] session.send_cache_headers as new ini entry
After playing with the same problem for a while a few months back, I believe I pin-pointed the problem. When you download a file, IE places it into a temp folder before opening. If you tell it explicitly not to cache, it won't put it there, and, when it tries to open it, it'll crash. Different versions crash differently. Thus, using those fields on anything but plain html files (and whatever else explorer can open without prior downloading into the temp folder) causes IE to bomb :( Hope that helps. Vlad Christian Stocker wrote: Hi different behaviour -blank page and no crash -just a crash sometimes also a complete crash of MSIE 5.5, then only a windows (win2k) reboot helped to get it back completely. chregu On Wed, 20 Mar 2002, Markus Fischer wrote: I forgot to ask also .. what did you expirience exactly? Crash of the Internet Explorer Client (Browserwidnow suddenly closed) ? - Markus On Wed, Mar 20, 2002 at 06:20:36PM +0100, Christian Stocker wrote : Hi I commented out Cache-Control, Pragma and Expires and this helped... Didn't investigate further, since it worked with that :) Maybe just one of these headers is really offending... chregu On Wed, 20 Mar 2002, Markus Fischer wrote: Christian, could you do me a favour and pasting the offending HTTP headers which caused the problem? I'm investigating a similar problem here. - Markus On Wed, Mar 20, 2002 at 05:47:35PM +0100, Christian Stocker wrote : Hi We had a problem, sending dynamically generated pdf documents to MSIE 5.5, if we used sessions. It looked like the Cache-Control and Pragma Headers caused the problem, therefore i created a patch for session.c with a new ini-directive session.send_cache_headers. If this is set to false, then this headers are not sent and MSIE will not crash. I'm not sure if this is the right way, or if there are better solutions, or if i did it correctly, but you can find the patch (for HEAD) at http://trash.chregu.tv/session.diff As I heard, a lot of people have this problem, maybe this workaround could be a saver for them :) chregu -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- nam...christian stockeradr...bremgartnerstr. 66, ch-8003 zurich pho...+41 1 451 6021 www...http://phant.ch/chregu mob...+41 76 561 8860 [EMAIL PROTECTED] wor...+41 1 240 5670 gpg...0x5CE1DECB -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] php generator
We are trying to find a php code generator like Macromedia Ultradelv to develope a web base app. Can someone recommend a few. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] php generator
Hi, AFAIK there is nothing compareable (WYSIWYG-style). But you could try something like the zend studio [ http://www.zend.com/ ] or if syntax highlighting is enough for you, try ConTEXT [ http://fixedsys.com/context/ ]. Daniel Lorch - Original Message - From : W McCloud [mailto:[EMAIL PROTECTED]] Sent : Mittwoch, 20. März 2002 Subject: [PHP-DEV] php generator We are trying to find a php code generator like Macromedia Ultradelv to develope a web base app. Can someone recommend a few. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] getting the path to the php executable
On Mon, Mar 18, 2002 at 05:56:02AM +0100, Marcus B?rger wrote: At 05:11 18.03.2002, you wrote: is there a way to get the path of the current php executable for the cli and cgi sapi implementations? this would be nice so that run-tests.php could run its subprocesses with the same executable that it was run with (so you could run the tests with a particular php executable without having to make sure it is the one that the code inside run-tests.php picks up). In CLI you can pass that information from command line $ /t/php-cvs/php -r 'echo $argv[1];' -- `(pwd)` /home/marcus this is not what i was looking for. i'm looking for the equivalent to perl's $^X (or $EXECUTABLE_NAME for people that like to 'use English'). (this would be the '/t/php-cvs/php' from your example.) if that is a needed feature we better implement a useful solution. But is it really necessary? i don't expect that would be a widely-used feature, but for the specific case i've outlined (running tests using the same php binary from the run-tests.php script), it would be useful. i'm sure there are more instances in which it would be useful information. jim -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/exif exif.c
Finally i came back from work and installed me a new mdk8.2 - and it works :-) Yep tested the ext/exif and it's o.k. tomorrow more tests i think of copying files to streams to memory streams back to temp streams and then let us see. marcus At 00:36 20.03.2002, Wez Furlong wrote: To: Marcus =?utf-8?B?QsO2cmdlcg==?= [EMAIL PROTECTED] Cc: Wez Furlong [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/exif exif.c I've added a flag to make_seekable that allows the caller to indicate that they prefer a file-based stream as opposed to a temp_stream and enabled the temp streams now in CVS as the default seekable stream. (I forgot to mention that part in my latest commit message). I've also given the temp_stream cast operation some more smarts. If you could test with your huge images that would be great :-) --Wez. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] [PHP-QA] PHP 4.2.0 Release Candidate 1
Hello, A release candidate for PHP 4.2.0 has just been packed. This build is used for testing the readiness of the release branch. By providing feedback to this build, we can make sure the actual release (planned for April, 22nd) has as few bugs as possible. This release candidate is NOT meant for production servers, only for helping out the PHP-QA Team finding week spots. You can help use by completing one of the following tasks: Simple build tests 1. Download the RC from: http://www.php.net/~derick/ - php-4.2.0RC1.tar.gz (Source) - php-4.2.0RC1-win32.zip (windows binaries: CLI, CGI, ISAP module and extensions: cpdf, ctype, cybercash, db, dbx, domxml, fdsql, fdf, filepro, gd, gettext, java, mhash, oci8, openssl, pdf, pgsql, shmop, sockets, tokeniser, w32api, xslt and zlib (all without libraries!!!) - php4apache.dll (apache 1.3.23 module for windows) 2. Build and test the RC 3. Provide feedback through: http://qa.php.net/buildtest-submit.php If you are really serious, you can also help us run testcases in the following ways: 1. Run 'make test' after you build from source (non-windows only) and provide feedback to [EMAIL PROTECTED] 2. Run testcases, which you can find on: http://qa.php.net/testcases-4.2.0.php These testcases address areas of PHP, which need some special attention during the Release Process. It's very important that you run these cases very thouroughly. You can provide feedback with http://qa.php.net/buildtest-submit.php (specify your testcase there). If you have any questions, please mail to the [EMAIL PROTECTED] mailinglist. regards, Derick -- PHP Quality Assurance Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] [PHP-QA] PHP 4.2.0 Release Candidate 1
When is the overload extension going to make it into the distribution? Shane [EMAIL PROTECTED] wrote: Hello, A release candidate for PHP 4.2.0 has just been packed. This build is used for testing the readiness of the release branch. By providing feedback to this build, we can make sure the actual release (planned for April, 22nd) has as few bugs as possible. This release candidate is NOT meant for production servers, only for helping out the PHP-QA Team finding week spots. You can help use by completing one of the following tasks: Simple build tests 1. Download the RC from: http://www.php.net/~derick/ - php-4.2.0RC1.tar.gz (Source) - php-4.2.0RC1-win32.zip (windows binaries: CLI, CGI, ISAP module and extensions: cpdf, ctype, cybercash, db, dbx, domxml, fdsql, fdf, filepro, gd, gettext, java, mhash, oci8, openssl, pdf, pgsql, shmop, sockets, tokeniser, w32api, xslt and zlib (all without libraries!!!) - php4apache.dll (apache 1.3.23 module for windows) 2. Build and test the RC 3. Provide feedback through: http://qa.php.net/buildtest-submit.php If you are really serious, you can also help us run testcases in the following ways: 1. Run 'make test' after you build from source (non-windows only) and provide feedback to [EMAIL PROTECTED] 2. Run testcases, which you can find on: http://qa.php.net/testcases-4.2.0.php These testcases address areas of PHP, which need some special attention during the Release Process. It's very important that you run these cases very thouroughly. You can provide feedback with http://qa.php.net/buildtest-submit.php (specify your testcase there). If you have any questions, please mail to the [EMAIL PROTECTED] mailinglist. regards, Derick -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] [PHP-QA] PHP 4.2.0 Release Candidate 1
Sorry, just realized it's compiled in. Shane Shane Caraveo wrote: When is the overload extension going to make it into the distribution? Shane [EMAIL PROTECTED] wrote: Hello, A release candidate for PHP 4.2.0 has just been packed. This build is used for testing the readiness of the release branch. By providing feedback to this build, we can make sure the actual release (planned for April, 22nd) has as few bugs as possible. This release candidate is NOT meant for production servers, only for helping out the PHP-QA Team finding week spots. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] refreshing form
Hey, I am doing small simple voting script for my site..and i don't want to refresh whole site how should i refresh only the form? i can't find info anywhere... so i am trying over hare..i am new so i dunno what is this cong about. and i am using DB for my voting poll thanks for help if there will be any ;) :--: Have A Nice Day! Mantas Kriauciunas A.k.A mNTKz Contacts: [EMAIL PROTECTED] Http://mntkz-hata.visiems.lt -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] refreshing form
Ask on [EMAIL PROTECTED] This list is for the development OF php not WITH php. --Andrew On Wednesday 20 March 2002 07:33 pm, Mantas Kriauciunas wrote: Hey, I am doing small simple voting script for my site..and i don't want to refresh whole site how should i refresh only the form? i can't find info anywhere... so i am trying over hare..i am new so i dunno what is this cong about. and i am using DB for my voting poll thanks for help if there will be any ;) :--: Have A Nice Day! Mantas Kriauciunas A.k.A mNTKz Contacts: [EMAIL PROTECTED] Http://mntkz-hata.visiems.lt -- ...Unix, MS-DOS, and Windows NT (also known as the Good, the Bad, and the Ugly). (By Matt Welsh) -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] [PHP-QA] PHP 4.2.0 Release Candidate 1
Wasn't there going to be an announcement on www.php.net? Edin -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP-DEV] refreshing form
Hey [EMAIL PROTECTED], Got your email on:Wednesday, March 20, 2002, 3:34:42 PM writing: : AL Ask on [EMAIL PROTECTED] This list is for the development OF php AL not WITH php. AL --Andrew AL On Wednesday 20 March 2002 07:33 pm, Mantas Kriauciunas wrote: Hey, I am doing small simple voting script for my site..and i don't want to refresh whole site how should i refresh only the form? i can't find info anywhere... so i am trying over hare..i am new so i dunno what is this cong about. and i am using DB for my voting poll thanks for help if there will be any ;) :--: Have A Nice Day! Mantas Kriauciunas A.k.A mNTKz Contacts: [EMAIL PROTECTED] Http://mntkz-hata.visiems.lt : Sorry for distrupting, thanks. :--: Have A Nice Day! Mantas Kriauciunas A.k.A mNTKz Contacts: [EMAIL PROTECTED] Http://mntkz-hata.visiems.lt -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] [PHP-QA] PHP 4.2.0 Release Candidate 1
Wasn't there going to be an announcement on www.php.net? ... But it's not a release - it's a release candidate. Sure, but there was a discussion about announcing RC1 on the web in order to give QA effort a boost. Edin -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] --without-pcre-regex config option
According to bug #16182 it is no longer possible to build php using this option. Any reason not to remove it? Edin -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] getting the path to the php executable
At 22:19 20.03.2002, Jim Winstead wrote: On Mon, Mar 18, 2002 at 05:56:02AM +0100, Marcus B?rger wrote: At 05:11 18.03.2002, you wrote: is there a way to get the path of the current php executable for the cli and cgi sapi implementations? this would be nice so that run-tests.php could run its subprocesses with the same executable that it was run with (so you could run the tests with a particular php executable without having to make sure it is the one that the code inside run-tests.php picks up). In CLI you can pass that information from command line $ /t/php-cvs/php -r 'echo $argv[1];' -- `(pwd)` /home/marcus this is not what i was looking for. i'm looking for the equivalent to perl's $^X (or $EXECUTABLE_NAME for people that like to 'use English'). (this would be the '/t/php-cvs/php' from your example.) if that is a needed feature we better implement a useful solution. But is it really necessary? i don't expect that would be a widely-used feature, but for the specific case i've outlined (running tests using the same php binary from the run-tests.php script), it would be useful. i'm sure there are more instances in which it would be useful information. jim So then do a RFC for that feature and if positive i will implement/chnage the CLI behavior in a fashion way. marcus -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Building LDAP extension on NetWare (secondattempt)
Finally got it! In addition to defining COMPILE_DL_LDAP so that the below mentioned portion gets included, every extension needs to export the symbol get_module, which is what the ZEND_GET_MODULE macro translates to. Thanx to all those who pitched in with suggestions. Cheers, Venkat Markus Fischer [EMAIL PROTECTED] 14/03/2002 12:50:36 afaik only the macro ZEND_GET_MODULE which should only be enabled in DSO builds. #ifdef COMPILE_DL_LDAP ZEND_GET_MODULE(ldap) #endif (which, in fact, requires that ldap_module_entry has been defnied already) On Thu, Mar 14, 2002 at 12:02:38AM -0700, Venkat Raghavan wrote : Now, I have LDAP extension built as a separate binary. I'm not able to load it using dl() with mod_php since it says that dl() is not supported for multithreaded Web servers. When I try to load it using dl() on the command-line (CGI) version of PHP, it says that PHP_LDAP.NLM is not a valid PHP library. My doubt is that I am not exporting the right stuff out of the binary by which PHP can hook into tit. What do I need to export? Is there something standard for every extension that is dynamically loaded? -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] --without-pcre-regex config option
On Thu, 21 Mar 2002, Edin Kadribasic wrote: According to bug #16182 it is no longer possible to build php using this option. Any reason not to remove it? Get rid of it please :) Derick --- PHP: Scripting the Web - [EMAIL PROTECTED] All your branches are belong to me! SRM: Script Running Machine - www.vl-srm.net --- -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] php generator
Adobe GoLive 6.0 has PHP generation built into it. I've never actually used it, but it's supposed to be a pretty good start. If you're looking for a more code-level IDE, then you can go with Daniel's recommendations... Zeev At 10:34 AM 3/20/2002, W McCloud wrote: We are trying to find a php code generator like Macromedia Ultradelv to develope a web base app. Can someone recommend a few. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] - Looking for good php-editor
Hi there!! I'm fairly new as a php developer and I can't seem to find a good editor. I've installed and uninstalled about 20 of them and now I'm tired of it. Is there anyone (and there should be ;) ) who know of an editor I can use. If you do please mail me a link or something I'm working in Win2k regards Krister -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
