hi,
don't we have ext/filter that should check all the dangerous input
strings? It would be useless to perform additional checks for constant
stings known at compile time (e.g. on include "foo.php")
Thanks. Dmitry.
Rasmus Lerdorf wrote:
On 11/15/10 10:12 PM, Stas Malyshev wrote:
Hi!
Well, it changes the signature of that function, so while we don't break
backward binary compatibility, we break forward compatibility within the
5.3 branch. As in, if I change my extension to use this new NoNull
string flag, it will no longer work on<5.3.3 whereas if I do the
if(strlen(filename) != filename_len) check, this will still work in all
5.3 releases.
So if you have such extension, and you need to have it compatible with
previous versions (e.g. PECL one), use the check. That doesn't prevent
us from having the flag in the core code and thus keeping it cleaner.
It still worries me a bit. Distros love to separate core extensions
into separate packages and if you update one of those without updating
the core package, it will break. Hopefully they have hard dependencies
so you can't install php-curl-5.3.4 on php-5.3.3, for example.
-Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
