RE: [PHP-DEV] Compile PHP-CODE
Hey, Does anybody know about the possibilities of compliling the php source code Yes, it's true, it is possible to compile PHP source code. My best friend's sisters' boyfriend's brother knew this guy who saw this other guy compile it once at 31 flavors.* Hey, I know that it;s not compiled,, I just ask about possibilities... Becuse this is the only place where i can talk about these kind of problems Well, maybe you should read your question again. The PHP source code sounds for me like the source of PHP, And well, as long as you dont compile it, you cant use PHP. If you are looking for a possibility to compile your Scripts to binarys, well depends on what you want: if you want stand-alone-binary-scripts-that-dont-need-a-php-interpreter Well: no, that is not possible right now. If you want your scripts encoded so noone can read it, Well you should look for the Zend Encoder or the Ioncube Encoder. BUT: this is the wrong list for your question. It is about the developement of PHP, If my guess about your question (the second one ;) is right - your question is about Developement in PHP. For questions like this, i guess, PHP-General List is a better Place. Regards, Peter Petermann -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Licensing issues
Hi Jelmer, I've written SMB Client (Windows/Samba Filesharing) support for PHP. Though I'm wondering how this can be distributed - libsmbclient is published under GPL. Sounds intresting to me, i guess PECL is the right place for that?! Can my ext/smbc added to the main php 4 sources with the current license? May I distribute it as a patch? What alternative licenses could libsmbclient be published under to make it compatible with the PHP License? it should be GNU Library General Public License, i think.. regards, Peter Petermann -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Fw: PHP content-disposition vuln
Hi All, this is a message that was Posted to incidents list @ securityfocus. Roland von Herget recognized some unusual traffic in his Logs. Maybe someone else can check if he can find that too, and if he does post a message (maybe to incidents list too). There could be a worm or something like that out there, using the upload vuln. in PHP = 4.0.4?! If this is just panic - feel free to correct me =) regards, Peter - Original Message - From: Roland von Herget [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 25, 2002 7:05 PM Subject: PHP content-disposition vuln -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, snort picked up the following yesterday evening: [complete packeted dump attached] [GMT+1, yesterday] 49649| [18:39:00] 65.89.43.125:4053 - a.b.c.4:80 php content-disposition 49648| [18:39:00] 65.89.43.125:4053 - a.b.c.4:80 SHELLCODE x86 EB OC NOOP 49647| [18:39:00] 65.89.43.125:4053 - a.b.c.4:80 SHELLCODE x86 EB OC NOOP 49646| [18:39:00] 65.89.43.125:4053 - a.b.c.4:80 SHELLCODE x86 EB OC NOOP 49645| [18:39:00] 65.89.43.125:4053 - a.b.c.4:80 php content-disposition 49644| [18:39:00] 65.89.43.125:4040 - a.b.c.4:80 php content-disposition 49643| [18:39:00] 65.89.43.125:4039 - a.b.c.4:80 php content-disposition 49642| [18:38:59] 65.89.43.125:4038 - a.b.c.4:80 php content-disposition 49641| [18:38:59] 65.89.43.125:4037 - a.b.c.4:80 php content-disposition 49640| [18:38:59] 65.89.43.125:4036 - a.b.c.4:80 php content-disposition 49639| [18:38:58] 65.89.43.125:4035 - a.b.c.4:80 php content-disposition 49638| [18:38:58] 65.89.43.125:4034 - a.b.c.4:80 php content-disposition 49637| [18:38:58] 65.89.43.125:4033 - a.b.c.4:80 php content-disposition 49636| [18:38:58] 65.89.43.125:4032 - a.b.c.4:80 php content-disposition 49635| [18:38:57] 65.89.43.125:4031 - a.b.c.4:80 php content-disposition 49634| [18:38:55] 65.89.43.125:4018 - a.b.c.34:80 php content-disposition 49633| [18:38:55] 65.89.43.125:4018 - a.b.c.34:80 SHELLCODE x86 EB OC NOOP 49632| [18:38:55] 65.89.43.125:4018 - a.b.c.34:80 SHELLCODE x86 EB OC NOOP 49631| [18:38:55] 65.89.43.125:4018 - a.b.c.34:80 SHELLCODE x86 EB OC NOOP 49630| [18:38:55] 65.89.43.125:4018 - a.b.c.34:80 php content-disposition 49629| [18:38:55] 65.89.43.125:4013 - a.b.c.34:80 php content-disposition 49628| [18:38:54] 65.89.43.125:4012 - a.b.c.34:80 php content-disposition 49627| [18:38:54] 65.89.43.125:4011 - a.b.c.34:80 php content-disposition 49626| [18:38:54] 65.89.43.125:4010 - a.b.c.34:80 php content-disposition 49625| [18:38:54] 65.89.43.125:4009 - a.b.c.34:80 php content-disposition 49624| [18:38:53] 65.89.43.125:4008 - a.b.c.34:80 php content-disposition 49623| [18:38:53] 65.89.43.125:4007 - a.b.c.34:80 php content-disposition 49622| [18:38:53] 65.89.43.125:4006 - a.b.c.34:80 php content-disposition 49621| [18:38:53] 65.89.43.125:4004 - a.b.c.34:80 php content-disposition 49620| [18:38:52] 65.89.43.125:4003 - a.b.c.34:80 php content-disposition 49619| [18:38:50] 65.89.43.125:3989 - a.b.c.33:80 php content-disposition 49618| [18:38:50] 65.89.43.125:3989 - a.b.c.33:80 SHELLCODE x86 EB OC NOOP 49617| [18:38:50] 65.89.43.125:3989 - a.b.c.33:80 SHELLCODE x86 EB OC NOOP 49616| [18:38:50] 65.89.43.125:3989 - a.b.c.33:80 SHELLCODE x86 EB OC NOOP 49615| [18:38:50] 65.89.43.125:3989 - a.b.c.33:80 php content-disposition 49614| [18:38:50] 65.89.43.125:3975 - a.b.c.33:80 php content-disposition 49613| [18:38:49] 65.89.43.125:3974 - a.b.c.33:80 php content-disposition 49612| [18:38:49] 65.89.43.125:3973 - a.b.c.33:80 php content-disposition 49611| [18:38:49] 65.89.43.125:3972 - a.b.c.33:80 php content-disposition 49610| [18:38:48] 65.89.43.125:3971 - a.b.c.33:80 php content-disposition 49609| [18:38:48] 65.89.43.125:3970 - a.b.c.33:80 php content-disposition 49608| [18:38:48] 65.89.43.125:3969 - a.b.c.33:80 php content-disposition 49607| [18:38:48] 65.89.43.125:3965 - a.b.c.33:80 php content-disposition 49606| [18:38:47] 65.89.43.125:3961 - a.b.c.33:80 php content-disposition 49605| [18:38:47] 65.89.43.125:3957 - a.b.c.33:80 php content-disposition here he stopped, there are a few web servers left in our /24, so i put up tcpdump maybe i'll get a few complete traces... The client machine tells me the following: telnet 65.89.43.125 80 Trying 65.89.43.125... Connected to 65.89.43.125. Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Wed, 19 Jun 2002 19:34:10 GMT Server: Apache/1.3.14 (Unix) PHP/4.0.4pl1 Connection: close Content-Type: text/html so it seems vulnerable... i've never seen this in the wild until right now... has anyone seen large (or any) activity regarding the php file upload bug ? Or am i only overly nervous because of the recent apache / openssh problems ? Greetings, Roland -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Weitere Infos: siehe
Re: [PHP-DEV] Fw: PHP content-disposition vuln
this is not a worm. According to the logs someone attacked this guy with one of the TESO exploits 7350fun or 73501867 in bruteforce mode. Thanks for this Info, ill forward that :) Regards, Peter Petermann -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] File inclusion from www.a.com to www.b.com
Normally this is a topic for [EMAIL PROTECTED] but i think it 'could' be a good feature to have include/require work with streams. Then the questioned code would work. if you do it like mentioned in docs, the questioned code works. regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] CLI max_execution_time
Hi, I try to make Linux programmers to change where they keep users configuration from $HOME to $HOME/.settings. In this way the users home will be clean. Please do not make a war from this suggestion, a simple yes or no is enough. no (why dont you just setup your shell as most people do (so .xyz will be hidden?)) regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] - Looking for good php-editor
I'm fairly new as a php developer and I can't seem to find a good editor. I've installed and uninstalled about 20 of them and now I'm tired of it. Is there anyone (and there should be ;) ) who know of an editor I can use. If you do please mail me a link or something Try Weaverslave http://www.weaverslave.de regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] New Module
it's much easier to detect a modification of a script instead of just a cat dbconf.php. no need to modify a script. if a hacker has access to your webserver, in most cases he will be able to access your db server too. if not, in case of your extension it shouldnt be hard for him creating a small script for looking up the data in your tempfolder, gaining the data, and deleting it this is from point of detection the same class as doing a cat dbconf.php the Point is: your extension is not changing security. btw: why you want to put it under GPL? most extensions have PHP License, that could conflict. regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] php + cygwin
well, there is some older porting project, but i guess it could help: http://www.student.uni-koeln.de/cygwin/ regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] - Original Message - From: Stanislav Malyshev [EMAIL PROTECTED] To: PHP Development [EMAIL PROTECTED] Sent: Thursday, February 21, 2002 12:52 PM Subject: Re: [PHP-DEV] php + cygwin AG Everything's possible :) I just don't think anyone has done it. I see. Generally, the real question is more practical - why it looks for liconfig? Can any of autoconf/configure/libtool gurus give any pointers? -- Stanislav Malyshev, Zend Products Engineer [EMAIL PROTECTED] http://www.zend.com/ +972-3-6139665 ext.115 -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] Freshmeat PHP Project Info is obsolete...
Hi Yasuo, I updated it on freshmeat, my update is now waiting for approval of someone of the freshmeat crew. If you see something like that on freshmeat again: it is real easy to change something, just register as a user there, then youre able to do changes on *every* project, but someone of freshmeat will check if that is ok. I hope ive been the only one changing that record, so scoop isnt flooded by change messages ;) regards, Peter -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] Re: [PEAR-DEV] Re: [PHP-DEV] PHP list server is banning mlemos@acm.org [Fwd:Mensagem automatica: User unknown [Usuario desconhecido]]
Manuel, maybe you shouldnt care about the problems of others, you should take a look at yourselve, maybe youll find the reason for that ban in your behaviour. regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] - Original Message - From: Manuel Lemos [EMAIL PROTECTED] To: Stig S. Bakken [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, February 07, 2002 5:03 AM Subject: [PEAR-DEV] Re: [PHP-DEV] PHP list server is banning [EMAIL PROTECTED] [Fwd:Mensagem automatica: User unknown [Usuario desconhecido]] Hello, Stig S. Bakken wrote: Yes, someone banned your email address from lists.php.net (fixed now). Personally, I find it completely unacceptable that someone goes ahead just banning people just like that. On behalf of the PHP Group, I would like to offer you an apology for this. Apologies accepted because I don't think the whole PHP Group would agree on such immature and coward attitude to ban me or whoever from this any other list. Anyway, I feel that the group core should prevent that anybody repeats this. Maybe it is that somebody has more passwords than should be trusted. Regards, Manuel Lemos - Stig On Tue, 2002-02-05 at 01:42, Manuel Lemos wrote: Hello, Anybody can provide a decent answer on why PHP list server is banning my address [EMAIL PROTECTED] ? Manuel Lemos From: Mail Delivery Subsystem [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Mensagem automatica: User unknown [Usuario desconhecido] Date: 04 Feb 2002 22:29:54 -0200 The original message was received at Mon, 4 Feb 2002 22:29:17 -0200 (BRST) from [200.221.72.147] A mensagem original foi recebida em Seg, 4 Fev 2002 22:29:17 -0200 (BRST) vinda de [200.221.72.147] - The following addresses had permanent fatal errors - [Os seguintes enderecos de e-mail apresentaram defeitos permanentes] [EMAIL PROTECTED] - Transcript of session follows - [Transcricao da sessao] ... while talking to pair1.php.net.: RCPT To:[EMAIL PROTECTED] 553 sorry, your envelope sender is in my badmailfrom list (#5.7.1) 550 [EMAIL PROTECTED]... User unknown [Usuario desconhecido] Reporting-MTA: dns; toole.uol.com.br Received-From-MTA: DNS; [200.221.72.147] Arrival-Date: Mon, 4 Feb 2002 22:29:17 -0200 (BRST) Final-Recipient: RFC822; [EMAIL PROTECTED] Action: failed Status: 5.1.1 Remote-MTA: DNS; pair1.php.net Diagnostic-Code: SMTP; 553 sorry, your envelope sender is in my badmailfrom list (#5.7.1) Last-Attempt-Date: Mon, 4 Feb 2002 22:29:22 -0200 (BRST) From: Manuel Lemos [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [metabase-dev] RE: [PEAR-DEV] pearifying metabase: preparing phase 2 Date: 04 Feb 2002 22:32:46 -0200 Hello, Lukas Smith wrote: ok next week I will attempt phase 2 which will be to actually use DB.php as a factory to call metabase_database.php and start changing some of the method names and Don't bother to change anything in Metabase until you make the proof of concept and everybody agrees about the viability of this merger. Also keep in mind that that neither PEAR-DB nor Metabase development is halted, so if you change your copy of Metabase or even anything in PEAR-DB you may have to keep up with official changes that are being done in parallel, so it is better to avoid changing anything now. I will keep an eye that all changes to the metabase code can easily be hidden in the metabase_inferface.php (nobody voted on if they use access the metabase object directly or not ... so I am just assuming I don't have to worry about that) Or maybe that is because anybody in the list did not see the the invitation to the poll or understand what is it about. I must admit I was hoping for some more feedback on the stuff I wrote in my last mail (phase 1) .. but so it goes. Sorry, but I have been too busy with the move of host of PHP Classes site among other things. Regards, Manuel Lemos -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php -- PEAR Development Mailing List (http://pear.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List http://www.php.net/ To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] TML++
Congrats Joey, regards, Peter -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] PHP TAG
when will you stop posting stupid questions to this list? It would be more constructive if you mail the user in question privately and nicely. He made a mistake posting to this list but he is probably not aware that this is not the correct list for this kind of questions, this is not the first posting of him, and all of them have been that way. You can read a collection of Postings @ http://marc.theaimsgroup.com/?a=10110075472r=1w=2 so I don't think it is correct to humiliate a user in a public forum because you are not only making him stay away from this list but also from PHP due to the hostility that he is receiving, but that is just my opinion. Tell a better way to force someone who doesnt read what you are writing to him. regards, Peter -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] FOSDEM 2002
Hoi, Last year we had a nice php-dev Meeting there (Rasmus, Sterling, Derick, Hartmut, some others, myself). I already know for sure that Sterling and Derick will be there, again, this year. thanks for forgetting your driver ;) Since I can only attend FOSDEM for one day, I'd like to know who will be there on which day, so that I can plan my trip accordingly. i'll come to, but still not sure when.. hartmut told me he is comming.. and some others too Also, they don't have yet a PHP Session/Talk, AFAIK, so we should probably organize a bit for this, too. there is one.. derick is doing it regards, Peter -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] HTTP AUTHENTICATION Solution
Hi Bharath, Please correspond via email for my convinience and also on the News Group for the benifit of the Php Developers... you are posting to the wrong List. php-dev is for developing PHP itself, and extensions for PHP in C. Please have a look which List is better. regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: migrating PHPs across machines...
[insert other shameless plugs here] derick, since i know you are able to read some german: http://learn.to/quote ;) regards, Peter Petermann -- *ZIMT - where PHP meets needs* PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: migrating PHPs across machines...
I indeed did not like your response for these reasons: 1) Wrong list. 2) It had little to do with the question. 3) I just don't like any response from you. 4) I just enjoy reading your funny comments on everything + 1 regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: migrating PHPs across machines...
are not very good at playing chess are you? You have just compromised the PHP kings previous statements. :-) Rasmus, Zeev, Zak, etc... have been insisting very hard that there is no bias from PHP developers against Manuel, blah, blah, blah and then you come a long and contradict them confirming that you do really are biased against me? Man, they are going to take you @php.net badge that you exhibit so proudly, because you are making it a bad case of descrimination of some of you against me . You have just shown that descrimination exists no matter how much I pointed that in the past and was just accused of making that up. Never mind, you never fooled me, and now it should be clear to everybody that is reading that you are descriminating me. 4) I just enjoy reading your funny comments on everything Does that imply that you have to repress anybody that comes here to help others? Maybe it is just Manuel. :-( ever heard about sarcasm? btw: not derick is making you to just Manual, you are doing that yourself. regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: migrating PHPs across machines...
When somebody steps on your feet deliberately what do you do? Certainly you will not say Thank you hit again! He is not showing off his status. He is venting frustration that many in the community feel. Many of the long and loud threads on this list over the last little while have been pointless fights... Zak, Derick started it by turning this thread into a pointless fight as you say. he just said what he was thinking about your mail. you didnt accept that critic You defend yourself so vigorously and take offense so quickly that people have trouble relating to you. If and when you ever be faced by misunderstanding and bias against you, you will understand me. maybe youre paranoid? [cut] It was not intended, but now you have to face the justice or Mr. Net cop Derick. Actually I don't - in fact, I don't recall ever having been troubled by those who disagree with you. I am probably the least adept of the people actively involved with the development effort and I make a lot of mistakes and foolish suggestions, yet no one troubles me... Sorry, when I said you I mean somebody that could be me or anybody that has to put up with a net cop like person, not that it will happen to you. Everyone working on net meets a net cop one day, but believe, derick is no net cop. Just to relax, you know that 4 years ago I wrote a book named something that would be translated as Being on the Internet. I have one chapter that talks about typical behaviours that the Internet make outstand in users. One of the described behaviours is what I called the Net Cop. It is that guy that thinks of himself of a big shot that knows all and is going to fix the world by repressing others. Derick just reminded me of a Net Cop. Anyway, I tend to understand people like him, because as I explained in the book, usually people just repress others because they are or at least were repressed by others in the past. Despite they hated it, they just do the same and repress others with shouting at them with public messages to try to humilliate them, just like Derick tried. Never mind, nothing that some good analysis sessions would not solve! :-) Manuel, you are very intelligent and have the benefit of being older than many of us on the list - why can't you identify your own behavior in the bad things that you attribute to others? I was attacked and I feel that I have the right to respond to protect me from being humilliated by kids like Derick that have to intention respect me. see my other mail. dont take this as attack, understand why derick is writing that. dont blame it on derick, try to find out what YOU did wrong. I believe that you are a net cop. Derick certainly is not - I somewhat am So, you did not what understand (or I was not able to explain) what a net cop is. A net cop is just a person that voluntarily sits that and try to police people just to nailed them sometimes imposing public humilliation. That is what Derick did by his own initiative. Regardless if he or anybody liked my response, he should not forget that was just a reaction to his attact to my person. so in your view everyone who says something negative about you, even if he is just criticizing, he is a net cop? everyone not agreeing with you is a big bad net cop? wake up! Actually I find more valuable the people that have the guts to speak up what they think, even if they defy my points of view, rather than stay quite in the background boycotting my initiatives. lol just my 2 cents regards, Peter Petermann -- Homepage: www.cyberfly.net PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] PHP Infos: www.php-center.de - [EMAIL PROTECTED] VL-SRM Homepage: www.vl-srm.net - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: PHP 5
Hi, having everything bundled is a strength for people who install from source, but it really doesn't do much to help people who haved installed from a distribution or are in a shared-hosting situation. those are the well, i dont agree with that. think about people that are not hosting themself.. its great to have all that stuff included in PHP, its easiert to tell your provider hey could you enable this feature instead of hey.. would you intall... just my 2 cents -- Peter [DiSAStA] Petermann -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] php compiler - (or really) big binary builder
bytecode, the idea was just to merge php code (either zipped) or just appended to the php binary, and making it execute code from the end of it'self.. For windows something like that exists.. Plot did it.. The URL was: www.deskcode.com/phpcompiler but doesnt seem to exist any longer. but i think Plot is still reading this list, so maybe he will tell us his new URL. regards, Peter Petermann -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4 /ext/mysql php_mysql.c
Hi Andrey, What is the difference between : if (mysql_result type==le_result !mysql_eof(mysql_result)) { and if (mysql_result type==le_result) { if (!mysql_eof(mysql_result)) { except the second is more readable : if you would have quoted correct, you would read the diffrence between: if (mysql_result type==le_result !mysql_eof(mysql_result)) { php_error(E_NOTICE, Called %s() without first fetching all rows from a previous unbuffered query, get_active_function_name(TSRMLS_C)); while (mysql_fetch_row(mysql_result)); zend_list_delete(mysql-active_result_id); mysql-active_result_id = 0; } and if (mysql_result type==le_result) { if (!mysql_eof(mysql_result)) { php_error(E_NOTICE, Called %s() without first fetching all rows from a previous unbuffered query, get_active_function_name(TSRMLS_C)); while (mysql_fetch_row(mysql_result)); } zend_list_delete(mysql-active_result_id); mysql-active_result_id = 0; } Now you can see, that in second case zend_list_delete mysql-active_result_id are executed even if mysql_eof(mysql_result)) == true in first case not. regards, Peter [DiSAStA] Peterman -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Security Issues
I fully agree here with Rasmus and I also think this will be the workaround for most people -- if one _does_ care about security, he even knows what and how to do nowadays. I don't think turning register_globals to off will evangelize people to develop more secure scripts/applications. thats it. what we could do to make people to write more secure script is: - telling them to do so, - telling them what is insecure - telling them why something is insecure - writing a special type of documentation, about how to write secure scripts maybe we could do something like a php-security-central, where everyone who wants to learn about security could read this kind of documenation, a special mailinglist where issues about security of php-applications is discussed, etc. you cant fight security holes without knowing what the hole is, and you cant make others writing secure apps without teaching them about how this works, we shouldnt change php, we should give more information about this problems, so everyone is able to learn how to avoid them. - Peter -- *ZIMT - where PHP meets needs* Homepage: www.cyberfly.net - [EMAIL PROTECTED] PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] Just for Fun: www.fist-center.de - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Security Issues
register_globals is off? Of course not, but it's definitely going to knock down a huge amount of exploits in their apps, and there are good chances that these would be the only exploits in it. as rasmus wrote, this would only result in users using foreach to do that. you cant fight security holes without knowing what the hole is, and you cant make others writing secure apps without teaching them about how this works, we shouldnt change php, we should give more information about this problems, so everyone is able to learn how to avoid them. The way I see it, register_globals=on is pretty much like a swiss cheese factory as far as it comes to security holes. No php-security-central is going to help here, and closing this factory down *is* going to help a lot. This doesn't come to say it'd eliminate all security holes out there, obviously, just a great deal of them. discussion, but given the fact (or my view, rather) that register_globals=on is *SUCH* a bad thing, none of them has too much to do with it. They're good and should be discussed regardless of this issue, which should be resolved specifically, and in my opinion, by changing the default. as long there are peoples driving car, without knowing howto drive, they are dangerous for all of us. but do you think driving car should no longer be allowed? you cant make mercedes, porsche etc. responsible for people killed by people who cant drive but did. i think we are talking about something like this right now, the language is not responsible for users, who dont know about security and, PHP is written in C, so maybe C should be changed to make it impossible to create in php something like register_globals=on... this is what you say, if you blame the language for that php is just a language, if people are not able to use it the right way it is nothing wrong with the language, it is about the people -- *ZIMT - where PHP meets needs* Homepage: www.cyberfly.net - [EMAIL PROTECTED] PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] Just for Fun: www.fist-center.de - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Security Issues
what we could do to make people to write more secure script is: - telling them to do so, - telling them what is insecure - telling them why something is insecure - writing a special type of documentation, about how to write secure scripts Please, can you say beginner? Once people read that kind of stuff, they are not beginners any more. They aren't the problem. ive seen a lot of professionells who dont care about security, and i have seen beginner who do. You can't force people to write secure applications, but you can make it easier. i dont think it is easier to write more secure applications with turning a feature of. - Peter -- *ZIMT - where PHP meets needs* Homepage: www.cyberfly.net - [EMAIL PROTECTED] PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] Just for Fun: www.fist-center.de - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Security Issues
(b) As I said, if someone wants to use a gun to shoot himself in the head, he's welcome to do so. The least we could do is hand him the gun safely pointed in the other direction, and not point it to his brain. we are not talking about people who want to have security holes, we are talking about people who do not know they have.. this is like giving a loaded weapon to someone, dont telling him that he could kill with it. it. Can you blame the driver for the accident with a brakeless car? It'd be quite dumb... Shipping PHP with register_globals set to on is equivalent to shipping cars without brakes. You hope that the user would be bright enough to install brakes, or use all sorts of advanced preventive measures like airbags, but the right thing to well, i think you misunderstood me. we are not talking of a brakeless car, and we are not talking about a language who is not able to be used secure. we are talking about something that has the abilities to be secure, we just need to teach the people how, the same as people need to learn how to drive, without they can start the engine, and dont know how to brake, but the brakes are there! i think we are talking about something like this right now, the language is not responsible for users, who dont know about security and,PHP is written in C, so maybe C should be changed to make it impossible to create in php something like register_globals=on... this is what you say, if you blame the language for that php is just a language, if people are not able to use it the right way it is nothing wrong with the language, it is about the people I strongly suspect you haven't read the advisory, because it deals exactly with these issues. In a perfect world, we'd just have something like security=on that'd handle all of the possible security issues. Since non of us is holding his breath for such a world, we should try to provide a system that at least isn't prone to common, repeated and innocent looking security bugs. PHP with register_globals=on is. i have read the advisory, but i cant agree that register_globals=on is the problem the user, who cant deal with that is the problem php is a language, if people dont secure there applications, they are wrong, not php is. if i give machines to you, allowing you to build cars secure ones, and insecure ones (those without brakes ;) and you build a insecure one, thats not my fault. but if i want to help you, i wouldnt turn of one of the switches you use, and hope you dont use another one for the same, i would teach you how to build the secure cars, how to do crashtests etc. - Peter -- *ZIMT - where PHP meets needs* Homepage: www.cyberfly.net - [EMAIL PROTECTED] PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] Just for Fun: www.fist-center.de - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Security Issues
hi, If register_globals = off is highly recommended, why does the default php.ini have register_globals=on Many people do not change this. this wouldnt realy help at all, if you change this, and you need those vars in a script, most people would do the same like register_globals does. the way to protect against this issue isnt switching this feature off, it is writing code which protects against such attacks. this is not a language issue, it is a script-coder one, if someone is not able to handle this, he is not able to write scripts if register_globals is turned off too - Peter -- *ZIMT - where PHP meets needs* Homepage: www.cyberfly.net - [EMAIL PROTECTED] PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] Just for Fun: www.fist-center.de - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] PHP and WebDAV
hey lukas, ho list, Are there any concrete plans to integrate functions or classes to access external WebDAV ressources? WebDAV seems to be used more and more to upload data, in replacement of FTP. It would be cool to have some functions to read and write files and directories over WebDAV. I don't know wheter WebDAV functions should be in a php extension (like file system and FTP) or in a PEAR class (HTTP). [EMAIL PROTECTED] has opened a project called phpdav on Sourceforge some months ago, but the files are not yet published. some weeks ago i quickly wrote a simple php WebDAV module. The module does everything i need(ed), and i'll probably not invest too much time in the next weeks / months. Maybe someone is interested and wants to take a look at it. well, i just had a quick look on it, it seems to give php the ability to work as WebDAV client, but real intresting would be the other way, let handle the server part. Rasmus talked to me about this on LinuxTag in Germany, maybe someone reading this has the time doing that? - Peter -- *ZIMT - where PHP meets needs* Homepage: www.cyberfly.net - [EMAIL PROTECTED] PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] Just for Fun: www.fist-center.de - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Moving output.c from ext/standard to main/
On Fri, 20 Jul 2001, Zeev Suraski wrote: I'm thinking about moving the file in CVS, and in addition to fixing the HEAD branch, fix also the 4.0.6 branch, so that we at least can check out one version back. What do you guys think? +1 on this +1 =) Peter -- *ZIMT - where PHP meets needs* Homepage: www.cyberfly.net - [EMAIL PROTECTED] PHP Usergroups: www.phpug.de - [EMAIL PROTECTED] Just for Fun: www.fist-center.de - [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Lame support for win32 mail() function -rant
Would you like to have sex with me if I dressed up like a ballerina and called myself Bob? http://www.b0g.org/?sec=filesid=424nid=423 (come on guys, we get so few of these wonderful gents per year, let me have *some* fun ;) hehe... ;) disi -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Lame support for win32 mail() function -rant
hey kiddie, Well with (Peter Petermann) as your name it's no wonder that you have a one track mind! Sorry no faggots allowed here! then, why are you here? Wow, just stick a stick in the php nest and they come out of the woodwork. No wonder PHP is BUGGED! there are more bugs in win than in PHP :p cyberfly.net!! what a name! Talk about bug city!! They're out in numbers now!! :p -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Lame support for win32 mail() function -rant
Yeah? Well I wonder how you could even make it to being called Products Engineer. Obviously any monkey that wants to take the job could be called that too. well, joel, seems as if you job description is just looser! Peter Petermann -- *ZIMT - where PHP meets needs* www.cyberfly.net - [EMAIL PROTECTED] www.phpug.de- [EMAIL PROTECTED] -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Lame support for win32 mail() function -rant
still manages to know something about web programming! oh, realy? did you know that design is part of web programming? oh... wait.. http://intwebservices.com/ is yours? ah... i see no design is good design?! -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Lame support for win32 mail() function -rant
Fuck you and all your PHP bullshit hype crap. do you have sex with computers? -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Lame support for win32 mail() function -rant
remembering the jon flame? it took way to much time to read, ok. it was funny, but remember there are many people on the list who neither want to have fun nor want their inboxes spammed with rubbish mh.. an list like [EMAIL PROTECTED] could be a solution ;) -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] Latest commit -- depreciation of call_user_method()
As far as your question about the version numbers, the middle digit gets bumped up when we plan some changes that will break backwards compatibility and implement features in the core language. So, yes, it is something special, it's not for bug fixes or extension changes. Exactly. As we now agree with it, let's get busy and start breaking things! :) dont know if that is a good idea =) i dont see the problems by breaking in other projects, but if you break it in a language like php, weve got the problem that a lot of scrips will not work any longer.. if you break in c / perl / etc. thats no prob, afaik you just need to compile your work before you update the language. In PHP you cant, if you upgrade your scripts need to work if not, providers would need to run more than one php version.. this would give a chaos like index.php4.0 index.php4.1 index.php4.2 etc... this cant be the right way... -- Peter -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] removing ereg functions
hm... That is why I am asking. Is there a core reason that the ereg functions have to be there? I could extend this to other functions as well of course. But this set in particular I have wondered about. maybe because some people are using them? ... Peter Petermann -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] RE: [PHP-QA] Re: [PHP-DEV] PHP 4.0.6RC1 ready for testing
hiho, i've uploaded a build at http://www.php4win.de/php-4.0.6-rc1.exe i'd appreciate if it could be mirrored somewhere, as it's going to be deleted from the server in a few days. daniel maybe this could be put to: phpweb/distributions/unsupported/ if this is ok, i could put it there... just tell me to do so.. Peter -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] RE: [PHP-QA] Re: [PHP-DEV] PHP 4.0.6RC1 ready for testing
I can do a basic build but I think Daniel Beulshausen might be able to do a more complete build with a lot of Windows extensions. Or is there anyone else? i've uploaded a build at http://www.php4win.de/php-4.0.6-rc1.exe i'd appreciate if it could be mirrored somewhere, as it's going to be deleted from the server in a few days. *** I just downloaded it and got some warning about a missing MSVCR70.dll : it seems to me that previous discussions elsewhere stated that this DLL is quite new, like a .NET thing... Sounds like libtool-1.4 on Debian to me =8\ hm.. tested it here on a fresh installed Win98 box, i dont have the file you mentioned, but there was no error!? Peter.. -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP-DEV] RE: [PHP-QA] Re: [PHP-DEV] PHP 4.0.6RC1 ready for testing
tested it here on a fresh installed Win98 box, i dont have the file you mentioned, but there was no error!? tested it on win2k too, no problems at all... Peter -- PHP Development Mailing List http://www.php.net/ To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DEV] Classes function names
IMHO, in a compatibility breaking upgrade, we should look into defaulting to case sensitivity, while allowing case insensitivity as a non-default option. +1 +1 =) Peter [DiSAStA] Petermann