On Fri, 03 Feb 2012 14:00:11 -0800, Stas Malyshev wrote:
Hi!
As it's a security patch and of small scope, I would consider it for
5.4. Stas, David?
Do we have unit tests for this code? The fix involves changes in
header sending so it may have impact on lots of code. Changes like
this can be dangerous. I'm thinking maybe we should wait with it
until
5.4.1.
This bug has now four tests and there are some other tests than include
calls to header().
That said, I wouldn't consider this critical. This is only relevant if
the programmer included user data in the header without validation.
--
Gustavo Lopes
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
