Re: [PHP-DEV] About CVE-2012-0831 (magic_quotes_gpc remote disable vulnerability?)

2012-02-15 Thread J David
On Thu, Feb 16, 2012 at 2:33 AM, Rasmus Lerdorf wrote: > On 02/15/2012 11:24 PM, J David wrote: >> The specific circumstance was that magic_quotes_gpc was being set to >> off in Apache via php_flag, rather than in the .ini file.  phpinfo() >> reported magic_quotes_gpc as Off/On, but magic quotes b

Re: [PHP-DEV] About CVE-2012-0831 (magic_quotes_gpc remote disable vulnerability?)

2012-02-15 Thread Rasmus Lerdorf
On 02/15/2012 11:24 PM, J David wrote: > On Tue, Feb 14, 2012 at 8:35 AM, Ferenc Kovacs wrote: >> as far as I can see the referenced fix ( >> http://svn.php.net/viewvc?view=revision&revision=323016) never made to the >> 5.3.10 release ( >> http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3_10/

Re: [PHP-DEV] About CVE-2012-0831 (magic_quotes_gpc remote disable vulnerability?)

2012-02-15 Thread J David
On Tue, Feb 14, 2012 at 8:35 AM, Ferenc Kovacs wrote: > as far as I can see the referenced fix ( > http://svn.php.net/viewvc?view=revision&revision=323016) never made to the > 5.3.10 release ( > http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3_10/?pathrev=323032&view=log > ) Preface: I am n

Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/main/output.c trunk/main/output.c

2012-02-15 Thread Johannes Schlüter
On Wed, 2012-02-15 at 07:09 -0800, Christopher Jones wrote: > Of course it warrants a NEWS entry. Unless no one in the world was > using it (in which case why have any code there?), a news entry will > help explain a behavior difference, or identify when something broke > (if you just accidentally

Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/main/output.c trunk/main/output.c

2012-02-15 Thread Christopher Jones
On Feb 15, 2012, at 1:07 AM, Michael Wallner wrote: > On Tue, 14 Feb 2012 12:50:40 -0800, Christopher Jones wrote: > >> It would be great to have a NEWS entry and a testcase and a bug number. >> > > Definitely. > > Seriously, there's no code in core using it, so there's no test case. > ...a

Re: [PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/main/output.c trunk/main/output.c

2012-02-15 Thread Gustavo Lopes
On Wed, 15 Feb 2012 10:07:50 +0100, Michael Wallner wrote: On Tue, 14 Feb 2012 12:50:40 -0800, Christopher Jones wrote: It would be great to have a NEWS entry and a testcase and a bug number. Definitely. Seriously, there's no code in core using it, so there's no test case. ...and it's bee

[PHP-DEV] Re: [PHP-CVS] svn: /php/php-src/ branches/PHP_5_4/main/output.c trunk/main/output.c

2012-02-15 Thread Michael Wallner
On Tue, 14 Feb 2012 12:50:40 -0800, Christopher Jones wrote: > It would be great to have a NEWS entry and a testcase and a bug number. > Definitely. Seriously, there's no code in core using it, so there's no test case. ...and it's been reported on internals@ not bugs.php.net, so there's no bug