Ferenc, yes I know you are generally -1 on reverting this.

Currently this bug has 20 votes all at 'this seriously affects me'

I know Pierre and I are +1 for reverting this change

I think Zeev and Stas were -1 for reverting

I've already seen bugs on random packages (outside PEAR) reporting
problems and thanking me for an explanation. Along with the security
issue reported on one of the PEAR bugs. (not sure if it's in the wild or
exploitable yet, but it is feasible)

As I said before, BC break for practically nobody against those 20+
people is not a justification for me. I think we understand both sides
of the arguments for this, I would appreciate if we could get a vote
together if it is that contentious.

Regards
Alan



On Wednesday, September 21, 2011 07:38 AM, Ferenc Kovacs wrote:
On Tue, Sep 20, 2011 at 11:54 PM, Alan Knowles <a...@akbkhome.com> wrote:
Let's try and close this one.

https://bugs.php.net/bug.php?id=55475

I've just added a patch that adds is_class_of(), which is identical to
is_subclass_of, and has the new feature of supporting strings and using the
autoloader.

It then reverts is_a() back to the previous behavior, and clarifies the
documentation.

This solves the BC issues, and also solves potential security issues with
existing code accidentally passing $url's to the autoloader, and gives
anyone who needs this new behavior a solution.

Let's at least try and respect the new release RFC, and our users who
appreciate PHP's efforts over the years to try and maintain BC. (it's one of
its few advantages these days...)

Hi Alan,

As it was mentioned before, the main reason to not revert back to the
old behavior is to not break BC once again (it shouldn't have happened
in the first place, but we can't change that. :()-
The security implications were never brought up though, but I think
that it is plausible that there are people out there without suhosin,
having allow_url_include enabled, and using a vulnerable autoloader
(the PSR-0 reference implementation is vulnerable for example), so
maybe it is worth discussing.
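The mechanism both messages refer to, as an added example that is not part of the thread and not the PSR-0 reference code: a PSR-0 style autoloader turns the class name it is handed into a file path and `require`s it, so when is_a() passes an arbitrary string (such as a URL from user input) to the autoloader, a loader that does not validate the name ends up requiring "http://attacker.example/x.php", which with allow_url_include=On is a remote file inclusion. The loader, the BASE_DIR location and the attacker.example host are assumptions for the demonstration; on PHP 5.3.7/5.3.8 is_a() accepted a string first argument without a third parameter, while 5.3.9 and later require allow_string=true for the same behaviour, so the probe below passes it explicitly.

```php
<?php
// Added example: how a class name passed to is_a() becomes a path in a
// PSR-0 style autoloader, and a hardened loader that refuses non-class-name input.

const BASE_DIR = __DIR__ . '/lib';   // assumption: where autoloadable classes live

// Naive PSR-0 style mapping, written here for illustration: namespace separators
// and underscores become directory separators, ".php" is appended, nothing is checked.
function naive_psr0_path(string $class): string
{
    $class = ltrim($class, '\\');
    $dir = '';
    if (($pos = strrpos($class, '\\')) !== false) {
        $dir = str_replace('\\', '/', substr($class, 0, $pos)) . '/';
        $class = substr($class, $pos + 1);
    }
    return $dir . str_replace('_', '/', $class) . '.php';
}

// Hardened variant: only accept strings that are syntactically valid PHP class
// names (letters, digits, underscore, namespace separators). That rules out
// ':', '/', '.' and whitespace, so neither stream wrappers ("http://") nor
// traversal ("../") can appear in the resolved path.
function safe_class_path(string $class): ?string
{
    $label = '[A-Za-z_\x80-\xff][A-Za-z0-9_\x80-\xff]*';
    if (!preg_match('/^\\\\?' . $label . '(\\\\' . $label . ')*$/', $class)) {
        return null;
    }
    $path = BASE_DIR . '/' . naive_psr0_path($class);
    return is_file($path) ? $path : null;
}

// Register the hardened loader and keep a record of what is_a() hands to it.
$autoloadAttempts = [];
spl_autoload_register(function (string $class) use (&$autoloadAttempts): void {
    $autoloadAttempts[] = $class;
    $path = safe_class_path($class);
    if ($path !== null) {
        require $path;           // only ever a regular file under BASE_DIR
    }
});

// Constructed probe: a URL that a caller might accidentally pass as $object.
$probe = 'http://attacker.example/x';

// What the naive loader would require: with allow_url_include=On this is a
// remote include, with it off it is still an unexpected filesystem access.
echo "naive loader would require: ", naive_psr0_path($probe), "\n";

// What the hardened loader does with the same string: nothing.
echo "hardened loader resolves: ", var_export(safe_class_path($probe), true), "\n";

// The string form of is_a() still reaches the autoloader (third argument needed
// on PHP >= 5.3.9; on 5.3.7/5.3.8 it happened without it), but the loader refuses it.
$result = is_a($probe, 'Foo', true);
echo "is_a() returned: ", var_export($result, true), "\n";
echo "autoloader was invoked with: ", implode(', ', $autoloadAttempts), "\n";
```

Run from the command line the script prints the path the naive loader would have handed to `require`, NULL for the hardened resolver, `false` from is_a(), and the URL in the list of autoload attempts, which shows that the string reached the autoloader and that the fix has to live in the loader (or in is_a() no longer autoloading strings), not in the caller.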

