Forgive me, s/Illija/you :)
On Aug 21 2024, at 2:10 pm, Ilija Tovilo wrote:
>
> Including a malicious composer package already allows for arbitrary
> code execution, do you really need more than that?
>
Of course. We've seen many examples in the wild of 3rd party libraries getting
hijacked to inject malicious code (e.g.
> On Aug 20, 2024, at 9:44 AM, Arnaud Le Blanc wrote:
>
> Hi Mike,
>
> On Tue, Aug 20, 2024 at 2:45 AM Mike Schinkel wrote:
>> It seems Java-style Generics are viewed as the proper archetype for Generics
>> in PHP? I would challenge the wisdom of taking that road considering how
>> different
Hi John
On Wed, Aug 21, 2024 at 8:02 PM John Coggeshall wrote:
>
> This is an attack vector for every application and I would argue should be a
> real concern for the vast majority of applications out there -- any which
> rely on namespace-based frameworks and composer packages from untrustwor
On Aug 21 2024, at 8:03 am, Rob Landers wrote:
>
> If this is an attack vector for your application, then fully qualified names
> is the way to go (WordPress does this nearly everywhere, for example).
This is an attack vector for every application and I would argue should be a
real concern for
On Wed, Aug 21, 2024, at 10:23, John Coggeshall wrote:
>
>
> On Aug 2 2024, at 4:37 pm, Bilge wrote:
>> My only concern is there needs to be an alternative way to do this:
>> intercepting internal calls. Sometimes, whether due to poor architecture or
>> otherwise, we just need to be able to
On 21 August 2024 09:59:53 BST, Marc Bennewitz wrote:
>Hi,
>
>The DatePeriod class works based on DateTimeInterface but does not take the
>microsecond of the date-time instance into account [1].
>To fix that I have opened a small PR [2] 2 months ago which got approved
>quickly as well but nothin
Am 21.08.2024 um 09:44 schrieb Faizan Akram Dar :
> On Wed, Aug 21, 2024, 9:34 AM Christian Schneider
> wrote:
>> The point where I think we disagree is that it improves the code. It may
>> improve performance of the code (even though I somewhat doubt this has a
>> *significant* impact on most
Hi,
The DatePeriod class works based on DateTimeInterface but does not take
the microsecond of the date-time instance into account [1].
To fix that I have opened a small PR [2] 2 months ago which got approved
quickly as well but nothing more happened until then.
I'm wring here to kindly ask
On Aug 2 2024, at 4:37 pm, Bilge wrote:
> My only concern is there needs to be an alternative way to do this:
> intercepting internal calls. Sometimes, whether due to poor architecture or
> otherwise, we just need to be able to replace an internal function call. One
> example I can think of r
On Wed, Aug 21, 2024, 9:34 AM Christian Schneider
wrote:
> Am 20.08.2024 um 17:14 schrieb Levi Morrison >:
> > Keep in mind that qualifying
> > every global function is annoying but probably can be somewhat
> > automated, and will bring better performance. So again, this improves
> > the existin
11 matches
Mail list logo
