[PHP-DEV] Test

Hello World (-: Regards, Daniel -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

[Fwd: Re: [PHP-DEV] GCC / Rounding Problem]

Any chance this patch makes it into 4.4.5? - Chris Original-Nachricht Betreff: Re: [PHP-DEV] GCC / Rounding Problem Datum: Tue, 16 Jan 2007 16:50:31 +0100 Von: [EMAIL PROTECTED] (Luca Longinotti) https://overlays.gentoo.org/proj/php/browser/patches/php-patches/4.4.4/4.4.4/php4

Re: [PHP-DEV] allow_url_fopen / allow_url_include and fine grained control

Hello Ilia, Wednesday, January 17, 2007, 3:09:15 PM, you wrote: > On 16-Jan-07, at 8:07 PM, Sara Golemon wrote: >> allow_url_include has been bashed lately for being "not good >> enough", and there is a kernel of truth to that, though where the >> ultimate blame falls if of course a touchy s

Re: [PHP-DEV] Giving Globals the CV treatment [WAS: Runtime JIT Proposals]

It is interesting and very clear patch. Probably you idea can be extended to support regular globals too. I mean $GLOBALS["name"]. > GLOBALS is itself in the auto global registry, so these would automatically get picked up too. Oh, no, you probably mean have that entire expression boil down t

Re: [PHP-DEV] Comments on PHP security

Which functions am I forgetting? All using php_stream_open*. I see 38 files in the php source tree using this function. You probably would have to go to each of them and change each instance to support your flag. That's the safe mode story again - you plug 90% quickly and then spend forever t

Re: [PHP-DEV] Comments on PHP security

Stanislav Malyshev schreef: fopen($file, 'r') and fopen($url, 'ru') and fopen('php://output', 'ru'). What about all other function using streams that do not have fopen arguments? The whole idea of streams was for the things to work transparently with all functions, if it were only about fop

Re: [PHP-DEV] Comments on PHP security

fopen($file, 'r') and fopen($url, 'ru') and fopen('php://output', 'ru'). What about all other function using streams that do not have fopen arguments? The whole idea of streams was for the things to work transparently with all functions, if it were only about fopen there were no reason to do

Re: [PHP-DEV] allow_url_fopen / allow_url_include and fine grained control

Ilia Alshanetsky wrote: > > On 16-Jan-07, at 8:07 PM, Sara Golemon wrote: > >> allow_url_include has been bashed lately for being "not good enough", >> and there is a kernel of truth to that, though where the ultimate >> blame falls if of course a touchy subject. > > Not really, I mean is it so

Re: [PHP-DEV] allow_url_fopen / allow_url_include and fine grained control

On 16-Jan-07, at 8:07 PM, Sara Golemon wrote: allow_url_include has been bashed lately for being "not good enough", and there is a kernel of truth to that, though where the ultimate blame falls if of course a touchy subject. Not really, I mean is it so difficult to expect the extension wri

[PHP-DEV] Upcoming features PHP 6?

Hi, Is there any list of the upcoming features of PHP 6 (as update of http://www.php.net/~derick/meeting-notes.html) For instance, what has been decided on macro's? Best regards, Arnold -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.ph

Re: [PHP-DEV] Comments on PHP security

Sudo starts a new process under another user. Currently it isn't possible to switch the user of the running process. This patch allows to switch the user of the running process and also allows to switch back to the original user. Only specific users may switch to other specific users (the same

Re: [PHP-DEV] allow_url_fopen / allow_url_include and fine grained control

Hi Sara +1 from me, a very nice solution to the problem IMO Regards Marco

Re: [PHP-DEV] Comments on PHP security

On Wed, Jan 17, 2007 at 01:38:57PM +0100, Arnold Daniels wrote: > Hi again, > > Yes we can share it with the world, but first it should be reviewed by > others to see if we haven't missed anything which makes the system less > secure instead of more. Also the source code is currently really dirt

Re: [PHP-DEV] Comments on PHP security

Hi again, Yes we can share it with the world, but first it should be reviewed by others to see if we haven't missed anything which makes the system less secure instead of more. Also the source code is currently really dirty and specified on our situation (to little to config, mod_diffpriv also

Re: [PHP-DEV] Comments on PHP security

Hi Arnold, Alain, - Original Message - From: "Alain Williams" Sent: Wednesday, January 17, 2007 > On Wed, Jan 17, 2007 at 12:45:37AM +0100, Arnold Daniels wrote: > > Hi, > > [...] > > Last, I'm a software developer at a shared hosting company. To my > > opinion, making sure that users don

RE: [PHP-DEV] Giving Globals the CV treatment [WAS: Runtime JIT Proposals]

Hi Sara, It is interesting and very clear patch. Probably you idea can be extended to support regular globals too. I mean $GLOBALS["name"]. BTW I am not sure this patch will give significant speedup, because locals are used most often then globals, and your patch adds small overhead for them. Did

Re: [PHP-DEV] Comments on PHP security

On Wed, Jan 17, 2007 at 12:45:37AM +0100, Arnold Daniels wrote: > Hi, > > First of all I admit I'm no PHP security expert or PHP internals expert > or anything, so please don't flame me if I say something stupid. > > Wouldn't simply adding a flag to allow url's (which includes all '*://' > stream

Re: [PHP-DEV] allow_url_fopen / allow_url_include and fine grained control

Hello Sara, strong +1, awesome work! best regards marcus Wednesday, January 17, 2007, 2:07:15 AM, you wrote: > Index: main/php_globals.h > === > RCS file: /repository/php-src/main/php_globals.h,v > retrieving revision 1.109 > dif