On Fri, Mar 21, 2008 at 5:14 PM, Stanislav Malyshev <[EMAIL PROTECTED]> wrote:
> Can you produce any example of
> application or other real code that would silently misbehave with short
> tags on but behave OK with short tags off?
Embedding PHP in a SVG (XML) file to generate a batch of images w
-Original Message-
From: Hannes Magnusson [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 23, 2008 1:31 PM
To: Tex Texin
Cc: Marcus Boerger; Pierre Joye; [EMAIL PROTECTED]; PHP Developers Mailing List
Subject: Re: [PHP-DEV] Re: [php-icu] Graphemes and unicode vs intl extension
On Sun, Ma
Well, it's the same as the "but i can't validate my php source with
xmllint" folks: You're doing it at the wrong point. Escaping should
happen at the point where you assign the var as a temlate var (in my
I'd be happy though if we left escaping aside and concentrated on the
matter of short ta
Those 'few people' were actually in the majority when it was put to the
vote. Yes development could and should've been made public all along,
but the fact remains that intl offers damn useful functionality.
It was and is public. For heaven's sake, APIs are in the manual! Not
counting the annou
On Sun, Mar 23, 2008 at 8:30 PM, Tex Texin <[EMAIL PROTECTED]> wrote:
> The first thing we did was look at the coding standard.
OK. Well done then.
I guess I was just very unlucky picking locale/locale_methods.c to view then.
> Stas explained the reason we chose the naming we did.
Which is grea
Noone is arguing about the usefulness of the extension.
We are arguing about how the maintainers of the extension are about to
abandon it once it reaches -stable and the fact it doesn't even try to
Hannes, wtf you are talking about? Nobody even thinks about abandoning it.
To make matter worse
So for a whole year none of you (not even the Zend employees that
should know better) thought that there maight be a coding standard
that you should follow?
We followed the coding standard. Coding standard never says there should
be single prefix per extension and this prefix should be extensio
Well the history simply is that many people did not agree. And you simply
For any decision there would be many people that disagree. But we have
to end is somewhere and not rehash it endlessly.
are unhappy with the current state, so either convince them with technical
arguments or change the
OK..
Just removing the "-dev" in the version number would be wrong (as is
symlinking), a Stable PHP release should include "stable" extensions.
Not dev versions of the extension. So one of the ideas is to fetch the
last stable extension release for a PHP release, but well, then there's
the probl
The first thing we did was look at the coding standard.
Stas explained the reason we chose the naming we did.
Having to work on other tasks is not abandonment. It reflects that we also have
other reponsibilities.
Can you be specific about which requests you think should still be made? So far
th
Rasmus Lerdorf wrote:
> The best you can
> do is provide sensible default actions and make sure people realize that
> it isn't the entire solution. But I don't think throwing our hands in
> the air and doing nothing to help the developers is the answer just
> because there are such contexts that c
I should have said when we started we didn't know PHP internals. We certainly
do now. My point was that the info discussed the list wouldn't have been of
interest to most.
-Original Message-
From: Marcus Boerger [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 23, 2008 6:27 AM
To: Tex Texi
Edward Z. Yang wrote:
Rasmus Lerdorf wrote:
Sure, although if you are going to store the raw, I think it is
pointless to store the escaped version.
Yeah, I was thinking more of escaping data that is computationally
expensive; such as bbcodes or wikitext => HTML.
I am not advocating storing i
Rasmus Lerdorf wrote:
> Sure, although if you are going to store the raw, I think it is
> pointless to store the escaped version.
Yeah, I was thinking more of escaping data that is computationally
expensive; such as bbcodes or wikitext => HTML.
> I am not advocating storing it either way, I am si
Stefan Walk wrote:
Rasmus Lerdorf schrieb:
Well, I actually have years of experience taking apps and making them
run under my strict default filter. And it tends to not be very many
changes, if any at all. In the O'Reilly case it gets changed to
O'Reilly which for a pure web app is fine. If
Rasmus Lerdorf schrieb:
Well, I actually have years of experience taking apps and making them
run under my strict default filter. And it tends to not be very many
changes, if any at all. In the O'Reilly case it gets changed to
O'Reilly which for a pure web app is fine. If all input
consiste
Edward Z. Yang wrote:
Rasmus Lerdorf wrote:
Well, I actually have years of experience taking apps and making them
run under my strict default filter. And it tends to not be very many
changes, if any at all. In the O'Reilly case it gets changed to
O'Reilly which for a pure web app is fine. If
Rasmus Lerdorf wrote:
> Well, I actually have years of experience taking apps and making them
> run under my strict default filter. And it tends to not be very many
> changes, if any at all. In the O'Reilly case it gets changed to
> O'Reilly which for a pure web app is fine. If all input
> consi
Stefan Walk wrote:
Rasmus Lerdorf schrieb:
The alternative of relying on the developer remembering to filter
simply doesn't work. Wietse's taint mode is another approach, but it
has performance implications.
As I said, when the backend does the escaping, you don't have to
remember it.
fil
Rasmus Lerdorf schrieb:
The alternative of relying on the developer remembering to filter simply
doesn't work. Wietse's taint mode is another approach, but it has
performance implications.
As I said, when the backend does the escaping, you don't have to
remember it.
filtering would fix, or
Stefan Walk wrote:
Rasmus Lerdorf schrieb:
It is, but it is magic_quotes done right. You apply a really strict
filter that makes your data safe for display and your backend by
default. The only place you can reliably do this this is at the point
the data enters your system. Once it is in, h
Jared Williams schrieb:
A lot of people don't use templates, just raw PHP. So having a short tag
escaping would decrease XSS vulnerabilities.
Well, i don't think that would be wise, because then you'd have to watch
if you're inside
I don't understand why need to essentially duplicate all th
Wietse Venema wrote:
Rasmus Lerdorf:
Soenke Ruempler wrote:
Hi Rasmus,
On 03/23/2008 03:32 PM, Rasmus Lerdorf wrote:
This is what the filter extension is for. You should be working with
escaped data by default and only poke a hole in your data firewall in
the few places where you need to w
Soenke Ruempler wrote:
Hi Rasmus,
On 03/23/2008 04:14 PM, Rasmus Lerdorf wrote:
It is, but it is magic_quotes done right. You apply a really strict
filter that makes your data safe for display and your backend by
default. The only place you can reliably do this this is at the point
the dat
Rasmus Lerdorf:
> Soenke Ruempler wrote:
> > Hi Rasmus,
> >
> > On 03/23/2008 03:32 PM, Rasmus Lerdorf wrote:
> >
> >> This is what the filter extension is for. You should be working with
> >> escaped data by default and only poke a hole in your data firewall in
> >> the few places where you n
Hi,
On Sun, 2008-03-23 at 15:26 +0100, Hannes Magnusson wrote:
> > You can provide a --SKIPIF-- section to detect MB support
> > (http://qa.php.net/write-test.php ).
> > --SKIPIF--
> > > if (!in_array("detect_unicode", array_keys(ini_get_all( {
> > die "skip Requires --enable-zend-mul
Hi Rasmus,
On 03/23/2008 04:14 PM, Rasmus Lerdorf wrote:
It is, but it is magic_quotes done right. You apply a really strict
filter that makes your data safe for display and your backend by
default. The only place you can reliably do this this is at the point
the data enters your system. O
Soenke Ruempler wrote:
Hi Rasmus,
On 03/23/2008 03:32 PM, Rasmus Lerdorf wrote:
This is what the filter extension is for. You should be working with
escaped data by default and only poke a hole in your data firewall in
the few places where you need to work with the raw data. Doing it the
o
Hi Rasmus,
On 03/23/2008 03:32 PM, Rasmus Lerdorf wrote:
This is what the filter extension is for. You should be working with
escaped data by default and only poke a hole in your data firewall in
the few places where you need to work with the raw data. Doing it the
other way around is going
Hello Ryusuke,
I have put your proposal as a link to a PHP GSoC 2008 idea here:
http://wiki.php.net/gsoc/2008
Feel invited to add to this idea in whatever way you want :-)
marcus
Saturday, February 23, 2008, 7:46:34 PM, you wrote:
> 2008/2/24, Andrei Zmievski <[EMAIL PROTECTED]>:
>> Do we hav
Hello Christian,
I have put your proposal as a link to a PHP GSoC 2008 idea here:
http://wiki.php.net/gsoc/2008
Feel invited to add to this idea in whatever way you want :-)
marcus
Saturday, December 22, 2007, 4:08:04 PM, you wrote:
> Hi,
> I was following this thread and came upon Jeff's p
Exactly. So lets deal with one problem at a time Johannes.
But Steph: Your RFC doesn't mention how to deal with the problem.
During development the extension should be -dev... so who is
responsible to change it back during PHP releases?
Most of the core extensions aren't PECL symlinks, so they'r
Jared Williams wrote:
-Original Message-
From: Stefan Walk [mailto:[EMAIL PROTECTED]
Sent: 23 March 2008 11:08
To: Jared Williams
Cc: 'PHP Internals'
Subject: Re: [PHP-DEV] short_open_tag
Jared Williams schrieb:
Well, it's the same as the "but i can't validate my php
source w
2008/3/23 Marcus Boerger <[EMAIL PROTECTED]>:
> Hello Rui,
>
> many thanks!!!
>
> Sunday, March 23, 2008, 12:40:59 PM, you wrote:
>
> > Hello Marcus,
>
> > I try to prepare some short test scripts for zend-multibyte stuff.
>
> > It is like,
>
> > > declare(encoding='Shift_JIS');
> > $s
On Sun, Mar 23, 2008 at 2:37 PM, Steph Fox <[EMAIL PROTECTED]> wrote:
> Hey Hannes,
>
>
> > Few people want this extension to be moved to core, which means: every
> > decision about this extension is "deciding anything about PHP".
>
> Those 'few people' were actually in the majority when it was
On Sun, Mar 23, 2008 at 2:34 PM, Steph Fox <[EMAIL PROTECTED]> wrote:
> Hi,
>
>
> >> The first step in fixing the core<->pecl relationship? \o/
>
> That's the basic idea, yes.
>
>
> >> But what about extensions that are symlinked to core? Will they need
> >> to update their version info during
Hello Stanislav,
cool, care to change the code snippet into a test as I've done for Rui's
snippet?
marcus
Sunday, March 23, 2008, 5:06:53 AM, you wrote:
>> is broken code and not a single test. If this is not going to change as in
>> we are not getting any .phpt files for this feature then
Hello Stanislav,
Sunday, March 23, 2008, 2:51:30 AM, you wrote:
>> Since multiple namespaces are allowed in the same file we have no
>> choice but to use this syntax.
> Yes we have choice. Leave it as it is and stop raising this topic every
> two weeks.
Well the history simply is that many peo
Hello Rui,
many thanks!!!
Sunday, March 23, 2008, 12:40:59 PM, you wrote:
> Hello Marcus,
> I try to prepare some short test scripts for zend-multibyte stuff.
> It is like,
> declare(encoding='Shift_JIS');
> $s = "表"; // 0x95+0x5c
> printf("%x %x\n",ord($s{0}),ord($s{1})); // expected:
Hey Hannes,
Few people want this extension to be moved to core, which means: every
decision about this extension is "deciding anything about PHP".
Those 'few people' were actually in the majority when it was put to the
vote. Yes development could and should've been made public all along, but
Hi,
The first step in fixing the core<->pecl relationship? \o/
That's the basic idea, yes.
But what about extensions that are symlinked to core? Will they need
to update their version info during core release cycles?
It obviously shouldn't have a -dev version when distributed with PHP..
Is i
Hello Hannes,
Sunday, March 23, 2008, 12:43:20 PM, you wrote:
> Hi Tex
> On Sun, Mar 23, 2008 at 10:03 AM, Tex Texin <[EMAIL PROTECTED]> wrote:
>> Pierre, Marcus, et al.
>>
>> 1) The project started a year or so ago.
> So for a whole year none of you (not even the Zend employees that
> should
Hello Tex,
Sunday, March 23, 2008, 10:03:15 AM, you wrote:
[...]
> Several of us working on this project don't know PHP internals.
This sounds extremely unprofessional and ignorant. And especially shows
that you do not at all care for PHP. If I work with something I usually try
to get an underst
Hello Jared,
Sunday, March 23, 2008, 1:57:20 PM, you wrote:
>
>> -Original Message-
>> From: Stefan Walk [mailto:[EMAIL PROTECTED]
>> Sent: 23 March 2008 11:08
>> To: Jared Williams
>> Cc: 'PHP Internals'
>> Subject: Re: [PHP-DEV] short_open_tag
>>
>> Jared Williams schrieb:
>> >
>>
> -Original Message-
> From: Stefan Walk [mailto:[EMAIL PROTECTED]
> Sent: 23 March 2008 11:08
> To: Jared Williams
> Cc: 'PHP Internals'
> Subject: Re: [PHP-DEV] short_open_tag
>
> Jared Williams schrieb:
> >
> >
> >
> >
> >
>
> Well, it's the same as the "but i can't validate m
Hi,
On Sun, 2008-03-23 at 13:01 +0100, "Hannes Magnusson" wrote:
> On Sun, Mar 23, 2008 at 3:51 AM, Steph Fox <[EMAIL PROTECTED]> wrote:
> > does anyone have any objection to the proposal at
> > http://wiki.php.net/rfc/peclversioning?
>
> The first step in fixing the core<->pecl relationship? \
On Sun, Mar 23, 2008 at 3:51 AM, Steph Fox <[EMAIL PROTECTED]> wrote:
> does anyone have any objection to the proposal at
> http://wiki.php.net/rfc/peclversioning?
The first step in fixing the core<->pecl relationship? \o/
Looks good.
But what about extensions that are symlinked to core? Will t
On Sat, Mar 22, 2008 at 9:17 PM, Lars Strojny <[EMAIL PROTECTED]> wrote:
>
> $str = <<<"LABEL"
> $var
> LABEL;
-1 no please
-Hannes
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Tex
On Sun, Mar 23, 2008 at 10:03 AM, Tex Texin <[EMAIL PROTECTED]> wrote:
> Pierre, Marcus, et al.
>
> 1) The project started a year or so ago.
So for a whole year none of you (not even the Zend employees that
should know better) thought that there maight be a coding standard
that you shoul
Jared Williams schrieb:
Well, it's the same as the "but i can't validate my php source with
xmllint" folks: You're doing it at the wrong point. Escaping should
happen at the point where you assign the var as a temlate var (in my
small template class: $tpl->assign('items', $some_data) wi
Johannes Schlüter schrieb:
I said in some previous post I won't like multiple namespaces per file
using the 2nd syntax. So imo: either on ns per file and the 2nd syntax
or allow multiple and use brackets. And then I prefer the latter.
I second that emotion.
--
Sebastian Bergmann
Pierre, Marcus, et al.
1) The project started a year or so ago. A few of us from different companies
had a strong need to see that PHP had international collation, formats,
normalization, grapheme support, and other functions in a time frame nearer
than php 6. The resulting intl extension has b
Derick Rethans wrote:
On Fri, 21 Mar 2008, Pierre Joye wrote:
On Fri, Mar 21, 2008 at 5:35 PM, Derick Rethans <[EMAIL PROTECTED]> wrote:
On Fri, 21 Mar 2008, Stanislav Malyshev wrote:
> > You can't actually use the class name "DateFormatter" when you want
> > pecl/intl to be in core. "Date"
53 matches
Mail list logo
