On Mon, Jan 10, 2022 at 9:37 PM Michael Morris wrote:
>
> If someone can inject a debug_backtrace into your code and get it executed
> you have bigger problems than a parameter being exposed. And if you
> configure your prod servers to be all chatty Kathy to the world on error,
> you need to lear
On Mon, Jan 10, 2022 at 8:05 AM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Internals!
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> Christoph Becker granted me RFC editing permissions and I've now written
> up our proposal as a proper RFC
Good morning Tim,
On Mon, Jan 10, 2022 at 9:06 PM Tim Düsterhus, WoltLab GmbH
wrote:
I am not sure it makes sense to make the code so verbose to prevent
users from showing sensitive data as it never stops (next
print_r/var_dump and userland version of them?).
Also sensitive data goes way beyond
Hi Tyson,
On Tue, Sep 21, 2021 at 9:19 AM tyson andre wrote:
>
> While there is considerable division in whether or not members of internals
> want to adopt namespaces,
> I hope that the final outcome of the poll will be accepted by members of
> internals
> as what the representative of the maj
On Mon, Jan 10, 2022 at 4:05 PM Tim Düsterhus, WoltLab GmbH <
duester...@woltlab.com> wrote:
> Hi Internals!
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> Christoph Becker granted me RFC editing permissions and I've now written
> up our proposal as a proper RFC
Answering the question: How do other languages handle this problem? Or how
do they avoid it in
the first place?
Python basically doesn't handle the problem at all and offers this advice: Be
sure to delete all debugging related code before code delivery!
See section [9.2.1 production code cannot c
Actually, on second glance, it seems that they make a call to zend_compare.
So currently they would all work with an implementation of <=> but not ==.
So I'd mostly just need to update the fast_equal_check_function.
Jordan
Apologies. I think I saw this, but then was distracted by other matters and
lost track of it.
This will not work because it will first try A->{'/'}(B) that throws a
>> TypeError? So it means what I was able to do for floats, cannot be done for
>> my new classes afterwards? This is inconsistent I
On 08.05.2019 at 20:58, Sara Golemon wrote:
> I fell down a WTF hole today that led me to zend_atol().
> The end result is the PR which I'd like to present for discussion (I'll add
> tests before I push anything, though it might necessitate a vote).
> https://github.com/php/php-src/pull/4132
>
> T
Hi Jordan,
Many thanks for all your replies. But did you miss Côme's mail (maybe
because you weren't direct recipient)? Anyway, here it is again:
On Tue, Jan 4, 2022 at 10:02 AM Côme Chilliet wrote:
> Hello,
>
> From the RFC:
>
> > If the left operand produces a TypeError due to the parameter t
Hi Tim,
On Mon, 10 Jan 2022 at 14:05, Tim Düsterhus, WoltLab GmbH
wrote:
>
> this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
>
> https://wiki.php.net/rfc/redact_parameters_in_back_traces
>
How do other languages handle this problem? Or how do they avoid it in
the first
Hi Internals!
this is a follow-up for my "Pre-RFC" email from last Friday, January, 7th.
Christoph Becker granted me RFC editing permissions and I've now written
up our proposal as a proper RFC:
https://wiki.php.net/rfc/redact_parameters_in_back_traces
I recommend also taking a look at my pr
12 matches
Mail list logo
