[PHP-DEV] Proposal: restrict the number of filters

2024-11-07 Thread jvoisin
Hello, Chaining filters is becoming an increasingly popular primitive to exploit PHP applications: - https://www.synacktiv.com/en/publications/php-filters-chain-what-is-it-and-how-to-use-it.html + https://github.com/synacktiv/php_filter_chain_generator - https://www.synacktiv.com/publications/php

[PHP-DEV] PHP 8.4.0RC4 available for testing

2024-11-07 Thread Calvin Buckley
PHP 8.4.0RC4 has just been released and may be downloaded from https://downloads.php.net/~calvinb/ Or use the git tag: php-8.4.0RC4 Windows binaries are available at: https://windows.php.net/qa/ Please test it carefully, and report any bugs at https://github.com/php/php-src/issues The next rel

[PHP-DEV] PHP 8.2.26RC1 available for testing

2024-11-07 Thread Pierrick Charron
PHP 8.2.26RC1 has just been released and can be downloaded from: https://downloads.php.net/~pierrick/ or https://qa.php.net/ or use the git tag: php-8.2.26RC1 Windows binaries are available at: https://windows.php.net/qa/#php-8.2 Please test it carefully, and report any bugs to https://github

Re: [PHP-DEV] Proposal: restrict the number of filters

2024-11-07 Thread Derick Rethans
On Thu, 7 Nov 2024, jvoisin wrote: > The easiest way to kill this vector is to simply limit the number of > filters that can be chained, as attacks require a at least a couple of > them, while legitimate use usually use one or two tops, as highlighted > by arnaud-lb's analysis: > https://github.co

[PHP-DEV] PHP 8.3.14RC1 Ready for testing

2024-11-07 Thread ericmann
PHP 8.3.14RC1 has just been released and can be downloaded from: https://downloads.php.net/~eric/ or https://qa.php.net/ or use the git tag: php-8.3.14RC1 Windows binaries are available at: https://windows.php.net/qa/#php-8.3 Please test it carefully, and report any bugs to https://github.c

Re: [PHP-DEV] [RFC] PHP.net analytics

2024-11-07 Thread Derick Rethans
On Sat, 2 Nov 2024, Jonathan Vollebregt wrote: > On 11/2/24 12:10 AM, Bob Weinand wrote: > > What percentage of users get to the docs through direct links vs the > > home page > > > > That's something you can generally infer from server logs - was the > > home page accessed from that IP right b

Re: [PHP-DEV] [RFC] PHP.net analytics

2024-11-07 Thread Derick Rethans
On Sat, 2 Nov 2024, Bob Weinand wrote: > On 1.11.2024 22:41:29, Larry Garfield wrote: > > In a similar vein to approving the use of software, Roman Pronskiy > > asked for my help putting together an RFC on collecting analytics > > for PHP.net. > > > > https://wiki.php.net/rfc/phpnet-analytics