On Thu, Mar 20, 2025 at 9:51 AM Daniel Scherzer
wrote:
> On Sun, Mar 16, 2025 at 12:31 PM Matt Fonda
> wrote:
>
>> Hi Daniel,
>>
>> I believe this feature essentially amounts to "add methods which can
>> never be called", which in my mind make
Hi Larry,
On Fri, Mar 28, 2025 at 7:48 PM Larry Garfield
wrote:
> I have to think people are misunderstanding Nikita's earlier comment, or
> perhaps that he phrased it poorly.
>
> The determination of whether a method call is type-compatible with the
> parameters passed to it is made *at runtime
1:27, schrieb Matt Fonda:
> > If an interface adds a method but makes no promises about what
> > parameters
> > it accepts, then why is it part of the interface in the first
> > place--why
> > add a method that can't be used?
>
> It would more cleanly all
On Mon, Mar 10, 2025 at 12:07 PM Daniel Scherzer <
daniel.e.scher...@gmail.com> wrote:
> Hi internals,
>
> I'd like to start discussion on a new RFC about allowing `never` for
> parameter types when declaring a method.
>
> * RFC: https://wiki.php.net/rfc/never-parameters-v2
> * Implementation: htt
On Fri, Dec 17, 2021 at 10:37 AM Jordan LeDoux
wrote:
> On Fri, Dec 17, 2021 at 9:43 AM Matt Fonda wrote:
>
>> Hi Jordan,
>>
>> Thanks for the RFC. I have a couple questions:
>>
>> Suppose I have classes Foo and Bar, and I want to support the following
>&
(is_int($result)) {
// can't just assume it's an int because * returns Foo|int
}
Thanks,
--Matt
On Tue, May 11, 2021 at 7:45 AM Nikita Popov wrote:
> My thought here is that a constructor with (only) promoted properties is
> hardly a constructor at all -- it's more like a special syntax for
> declaring properties that happens to re-use the constructor notation,
> because that allows it gene
Hi Mark,
I'm a fan of adding an easy and performant way to implement classmap-based
autolading, but weary of adding yet another way to autoload. If it would be
possible to do so without negating the performance improvements, I'd
suggest having this work in conjunction with the existing
spl_autoloa
There's a new behavior change with $_SERVER on master branch only, that's
broken MediaWiki and should break some other applications.
When variables_order=GPCS(default), $_SERVER is only populated with
PHP_SELF, REQUEST_TIME_FLOAT and REQUEST_TIME (PATH_TRANSLATED, etc... are
missing).
Is this an
If behavior wasn't changed unless ENV var or CLI option was specified, then
I think it can go into 7.1 (run-test.php isn't production code part of a
build, etc...).
Behavior remaining the same of course wouldn't break anybody's existing CI.
For those who benefit from this in 7.3, they should ben
Is this an intentional change that we want?
If variables_order is set to EGPCS then $_SERVER is populated as normal.
I have filed a bug #75982 on this issue:
https://bugs.php.net/bug.php?id=75982
Regards
-Matt
This is a reimplementation of run-test.php, not just a wrapper (so its
another parser for the PHPT file format). However, its missing support for
many PHPT sections (ie its PHPT format support is incomplete).
See:
https://github.com/nazar-pc/phpt-tests-runner/blob/master/bin/phpt-tests-runner#L117
xdebug and other system extensions.
I'm going to commit this into master after review and then rise question
about enabling it by default in PHP-7.2.
Thanks. Dmitry.
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Hi,
I noticed that php.ini-development now sets variables_order="GPCS" instead
of "EGPCS".
run-test.php uses $_ENV to read environment variables and will set those on
all the child processes it creates. However, if variables_order="GPCS",
$_ENV will be empty and the environment variables table on
the Wordpress improvement this week?
This is 3 reports in a row that show ~5%.
Did I miss some substantial commit(s)?
Thanks for any insight!
- Matt
* Relative Standard Deviation (Standard Deviation/Average)
If this is not displayed properly please visit our results page here:
http
something like the following:
function f($fqcn, $args) {
$instance = new $fqcn;
foreach ($args as $key => $value) {
$instance->$key = $value;
}
return $instance;
}
...
$this->fooMethod(
$arg1,
$arg2,
f('FooParams', [
'prop1' => ...,
'prop2' => ...,
'prop3' => f('Obj1', [
'prop1' => ...,
'prop2' => ...,
],
])
);
You may also use the approach Peter suggested. As such, I don't think
introducing a new syntax for it is necessary.
Best,
--Matt
An INI section wouldn't have the extension directory path AND wouldn't have
the name of the SO to load. On Windows, its zend_extension=php_opcache.DLL.
Typically the same opcache, etc... feature/test should work across os
platforms.
OpCache tests can just use a SKIPIF section to be skipped unless
Now, after seeing Bogdan's hash optimization idea last month [2], and
reading Nikita's blog post [3] again, I had some ideas I'd like to try --
assuming nobody else is planning major changes. :-) Besides Nikita, I'm
addressing Dmitry and Xinchen because your names are on some minor hash
items on
o idea how it'll perform (lookups should be very, very
fast (upsizing also); but cache factors and inserts/deletes are wildcards).
Wish me luck!?
Thanks,
Matt
[1] https://marc.info/?l=php-internals&m=143444845304138&w=2
[2] https://marc.info/?t=14574424811&r=1&w=2
I think there's a
major problem: Consider a "specially" (easily!) crafted string where the
trailing bytes can clear/set almost all hash bits. So almost the entire
hash value can be set by those trailing bytes. :-O This may not be a
problem if using a seeded hash function; not sure.
Finally, the [branchless] way to check trailing bytes instead? A few weeks
ago, I thought of using xor to compare, then shift out the unwanted bytes
(left/right for little/big endian, I guess). But Valgrind will complain
about about the uninitialized parts, I thought. Until I came across some
info. [1] Sat. night suggesting that Valgrind tracks values on a *bit*
level. So I had to try it, outside of PHP, and it worked fine!
[1]
https://www.usenix.org/legacy/publications/library/proceedings/usenix05/tech/general/full_papers/seward/seward_html/usenix2005.html
Here's what I thought, which could even be run uncondtionally, without
checking for trailing bytes, since there's always another long-sized chunk:
mov (str1), %r
xor (str2), %r
and $7, %ecx# % 8
shl $3, %ecx# * 8
xor %any, %any # clear flags, for free, in case %cl is 0
shl %cl, %r
jne ...
Should only cost the latency of the variable shift (slower than AMD :-P).
But the compilers aren't smart enough (?) to use the shift result for the
jump, and put an extra "test %r, %r." Well it will probably fuse with the
jump, so no extra micro-ops anyway. :-)
And my "ideal" instructions cause false errors with Valgrind anyway, when
the shift moves uninitialized bits to the carry flag. (%eflags is tracked
as a whole.) Adding a free "clear carry" doesn't help...
So I guess a check for trailing bytes is needed in C. But same idea, with
the full background. ;-)
Thoughts?
Thanks,
Bogdan
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Bob, all,
- Original Message
From: "Bob Weinand"
Sent: Wednesday, April 20, 2016
> Am 20.04.2016 um 18:22 schrieb Dmitry Stogov :
>
>
>
> On 04/20/2016 06:24 PM, Matt Wilmas wrote:
>> Hi Dmitry,
>>
>> - Original Message -
>>
.
I think we don't need RFC for this. This is a long time desired fix.
The same "interrupt" handling mechanism in the future may be reused for
TICK
and signal handling.
Thanks. Dmitry.
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
ity
with HHVM. The easier we make it for people to switch interpreters (and
develop
software which works on both interpreters) the better for PHP as a whole.
Also agree that we don't need null union types if we have nullable types.
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
ess, etc. (1% or more? Can't remember.)
Thanks.
--
Yasuo Ohgaki
yohg...@ohgaki.net
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
ng CPU instruction cache usage?
Thanks,
Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
as they're already doing this.
- Matt.
2.html
What can 'reasonably' be considered harassment differs from person to
person.
What does 'will not be tolerated' mean? Does this CoC come with a set of
teeth? Where is it enforceable?
I support the intention to avoid creating a way to police peoples' politics,
but there is ambiguity here.
- Matt.
Hi,
So, rather than putting words in your mouth, I will ask the question
directly: you say above that you do not agree that there is a need for
a *new* enforcement process, but do you agree that there is a need for
the *old* enforcement process to be recognised as such?
Yes, have no issue wit
On 09/02/16 15:31, Christoph Becker wrote:
On 09.02.2016 at 15:50 Matt Prelude wrote:
Where can I find out how voting karma works?
I've searched but there appears to be little in the way of a clear guide.
Keen to get involved, but not sure where to start.
Who can vote is describ
If you
consider the status quo to include such an enforcement mechanism, and
do not wish to remove it, then you agree with that general principle.
With respect, I don't think that disagreeing that there is any need for a
new enforcement process is 'agreeing with' the new RFC.
- Matt.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
ke their suggestions.
- Matt.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
e I was getting this all wrong, I made a pull request to remove
this secrecy from the process, which was promptly closed:
https://github.com/derickr/php-community-health/pull/37
I'd suggest that we stick with the teeth we already have, rather than
creating a new set based on an issue which has
Hi,
Where can I find out how voting karma works?
I've searched but there appears to be little in the way of a clear guide.
Keen to get involved, but not sure where to start.
- Matt.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
have karma to
vote on RFCs.
I think this is a lot better (and more technically-focused) than the
Contributer
Covenant, so it's a step in the right direction, but I still think it
needs some
refining to be 'production-ready'.
- Matt Prelude.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
d be my expectation from the
method name.
- Matt.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
e.
I like it. Would like to see it be a bit more generic though, something
like (ignore the name, I can't name functions):
array_validate_keys($array, is_int);
I say this because it allows for more potential uses (that and I've done
exactly the same to check all keys are strings be
Hi,
On 03/02/16 16:54, Dan Ackroyd wrote:
On 3 February 2016 at 09:03, Davey Shafik wrote:
Hi all,
It's actually very difficult to be able to reliably determine that you are
running the _real_ PHP runtime and not something mimicking it.
The underlying problem seems to be caused by HHVM delib
e Go Code is far more clear in defining prohibited behaviours.
I've already proposed this idea over at GitHub, but it strikes me that
the correct channel for discussion is PHP internals.
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
To contribute bugfixes to PHP.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Dmitry!
- Original Message -
From: "Dmitry Stogov"
Sent: Tuesday, December 22, 2015
Hi Matt,
On Tue, Dec 22, 2015 at 8:36 PM, Matt Wilmas
wrote:
Hi all,
Lior, which compiler are you using? You can still reproduce the problem?
Can you run it through Valgrind?
I
egister.
%r12 with -O2 seems to consistently fail, but with -O3 it might be %r13,
etc.
Now, the question: Is that little change triggering a bug in GCC 4.8? Or is
it somehow revealing a PHP problem?!
Thanks,
Matt
- Original Message -
From: "Lior Kaplan"
Sent: Monday, Novemb
Hi,
- Original Message
From: "Andrea Faulds"
Sent: Monday, December 07, 2015
Hi Matt,
Matt Wilmas wrote:
Hi Bob, all,
After this commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=509712c7d9056b4ceb50134bfeea1a1115720744
In streamsfuncs.c, line 996 has an extra
stuff can
be cleaned up, for 7.1 at least.
Thanks,
Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Anatol, all,
CFG's effect on Wordpress at the end... :-/
- Original Message -
From: "Anatol Belski"
Sent: Wednesday, November 25, 2015
Hi Matt,
I wonder really how much research you do :)
Not much on this... Hope there aren't major inaccuracies.
I just cam
Hi Anatol,
- Original Message -
From: "Anatol Belski"
Sent: Wednesday, November 25, 2015
Hi Matt,
-Original Message-----
From: Matt Wilmas [mailto:php_li...@realplain.com]
Sent: Monday, November 23, 2015 8:15 AM
To: Anatol Belski ; internals@lists.php.net;
int
Hi Anatol, all,
- Original Message -
From: "Anatol Belski"
Sent: Monday, November 16, 2015
Hi Matt,
-Original Message-----
From: Matt Wilmas [mailto:php_li...@realplain.com]
Sent: Monday, November 16, 2015 2:59 PM
To: Anatol Belski ; internals@lists.php.net;
int
Hi Dmitry,
- Original Message -
From: "Dmitry Stogov"
Sent: Monday, November 16, 2015
Hi Matt,
On Mon, Nov 16, 2015 at 1:30 AM, Matt Wilmas
wrote:
Hi Dmitry, Anatol, Pierre (etc.), and all,
I'm back now, I think, after a much longer (unintentional) break than
Hi Anatol, Dmitry, all,
Will reply about the original subject issues soon, but this is about new
stuff I noticed the other day... Adding Matt Tait and Nikita because of PR
#1418 and comments.
Anyway, the new Control Flow Guard (/guard:cf) is causing a big slowdown on
bench.php. :-( 14% on
Hi Anatol,
- Original Message -
From: "Anatol Belski"
Sent: Monday, November 16, 2015
Hello Matt,
-Original Message-----
From: Matt Wilmas [mailto:php_li...@realplain.com]
Sent: Sunday, November 15, 2015 11:31 PM
To: internals@lists.php.net; internals-...@lists.php.net
no useless functions, and no link error. Both VS 2008 &
2015 (same results).
Thoughts?
Thanks,
Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
optimal," but after the commits were finalized, etc. it would be sorted out
again. But this does seem pretty extreme, and I don't recall seeing radical
changes since the last one... *shrug*
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
ommit/92e568270957a63c8b0d1545d9dc0495a851b5c0
On Wed, Oct 7, 2015 at 4:39 AM, Anatol Belski wrote:
> Hi Matt,
>
> > -Original Message-----
> > From: Matt Ficken [mailto:themattfic...@gmail.com]
> > Sent: Wednesday, October 7, 2015 12:18 PM
> > To: Anatol Bel
> > Sent: Tuesday, October 6, 2015 10:01 AM
> > To: Anatol Belski
> > Cc: Matt Ficken ; Pierre Joye
> > ; Laruence ; PHP Internals
> > ; dmi...@php.net
> > Subject: Re: [PHP-DEV] Re: Windows OpCache bug fix
> >
> > On Mon, Oct 5, 2015 at 6:
he. Can we do this now? What is
still possible for 7.0? 7.0.1?
On Mon, Oct 5, 2015 at 11:49 AM, Eric Stenson
wrote:
> >From: Dmitry Stogov [mailto:dmi...@zend.com]
> >
> >> On Thu, Oct 1, 2015 at 11:54 AM, Matt Ficken
> >> wrote:
> >>
> >>> P
>
>
> And what wincache does. It is slower but the request is served.
>
>
> WinCache (file cache) if it can't reattach, creates a new shared mem file
for just that process: see
http://svn.php.net/viewvc/pecl/wincache/trunk/wincache_filemap.c?revision=336846&view=markup
Line 1122.
Yes, ideally it w
only with global registers
anyway.)
Wondering what you had in mind when adding it, etc. So it'd be cool if
there's anything else you could tell us about it, or who should use it and
why...
Thanks,
Matt
- Original Message -
From: "Dmitry Stogov"
Sent: Frid
?p=php-src.git;a=commitdiff;h=2d55e8c186ef1034c2af64478da8f23dbeb28be9
>
>
>
> On Thu, Sep 24, 2015 at 11:00 AM, Dmitry Stogov wrote:
>
>> hi Matt,
>>
>> Thanks.
>> I also moved the exit condition to be before Sleep().
>> This should prevent race co
.
Especially ASLR, also PECL DLLs, and other factors will still cause this
issue occasionally, but this fixes a majority of my occurrences.
Regards
-M
On Wed, Sep 23, 2015 at 2:04 AM, Dmitry Stogov wrote:
> Hi Matt,
>
> It looks like with your patch, the same file may be mapped to
I want to increase visibility for my PR 1531,
https://github.com/php/php-src/pull/1531, my patch for fixing an
intermittent OpCache issue on Windows.
Details, etc... are on the PR.
Regards
-M
ing available...? :-)
Thanks.
--
Yasuo Ohgaki
yohg...@ohgaki.net
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
*should* implicitly
happen since it has been marked with ZEND_COLD. Still, better to explicitly
use UNEXPECTED(), which covers all cases...
- Matt
- Original Message -
From: "Anatol Belski"
Sent: Wednesday, August 26, 2015
Commit:d40a149ade589cdb97604ceb22560214ff3
Hi Anatol,
Just a quick reply to couple parts... Have to go, and I don't care much
either way about the stuff, just commenting before. :-)
- Original Message -
From: "Anatol Belski"
Sent: Tuesday, August 25, 2015
Hi Matt,
Thanks for the comments.
-Original Me
Hi Anatol, Dmitry, all,
- Original Message -
From: "Anatol Belski"
Sent: Friday, August 21, 2015
Hi,
Resending this as missed internals at the start.
I was lately rethinking some part of the 64-bit RFC, and also seeing now
Jakub's work on catching overflows in ext/o
Clarification: your test depends on being able to run multiple instances of
the same test at the same time?
run-tests runs one test at a time. It does launch a separate php.exe for
each test, but it doesn't use non-blocking popen or pcntl, so it can only
run one test at a time.
see:
http://git.ph
ith the fastest/smallest
parameter parsing we could imagine, across all of PHP! I guess that means
start looking for it next week...? :-) I may just send a patch sooner
without even writing up an explanation about parts first like I planned.
More below...
- Original Message -----
Fro
D_NORETRUN_ALIAS"
instead of NORETURN.
[1] https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
Thanks. Dmitry.
Thanks,
Matt
On Mon, Aug 17, 2015 at 1:26 PM, Matt Wilmas
wrote:
Hi Dmitry, all,
Has it been considered to use __attribute__((cold)) on, for example,
error-type functions?
ld be fine in all
cases (even if *int* was 64-bit).
I don't see how it's simpler or safer to use #if.
But actually, if #if was used, should really be checking SIZE_MAX > UINT_MAX
I guess, and ZEND_LONG_MAX > INT_MAX.
But using sizeof() in the macro definition gives the same res
Hi Anatol,
- Original Message -
From: "Anatol Belski"
Sent: Tuesday, August 18, 2015
Hi Matt,
> [...]
>
> The checks with zend_long vars like key_length and iterations are
> impossible
> when ZEND_LONG_MAX == INT_MAX (most if not all 32-bit, I guess). So
Hi Jakub,
- Original Message -
From: "Jakub Zelenka"
Sent: Tuesday, August 18, 2015
On Tue, Aug 18, 2015 at 9:48 PM, Matt Wilmas
wrote:
Hi Anatol, Jakub,
[...]
The checks with zend_long vars like key_length and iterations are
impossible when ZEND_LONG_MAX == INT_MAX (m
max) < sizeof(_var) && _max < _var)
Which should work fine and allow the compiler to remove it easily, without
any extra clutter.
BTW, in openssl_pbkdf2(), it looks like the if (!digest) check can be moved
up after EVP_get_digestbyname() as well...?
Cheers
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
be moved "out of the way" if marked cold...
[1] https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html
Thoughts?
Thanks,
Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
H Dmitry,
- Original Message -
From: "Dmitry Stogov"
Sent: Tuesday, August 11, 2015
On Tue, Aug 11, 2015 at 11:10 PM, Matt Wilmas
wrote:
[...]
Look at e.g. is_numeric() or strpos() (needle). Plain zval param
parsing,
so NO ZVAL_DEREF() occurs (FAST_ZPP or traditional)
Hi Nikita,
- Original Message -
From: "Nikita Popov"
Sent: Tuesday, August 11, 2015
On Tue, Aug 11, 2015 at 10:10 PM, Matt Wilmas
wrote:
[...]
Look at e.g. is_numeric() or strpos() (needle). Plain zval param
parsing,
so NO ZVAL_DEREF() occurs (FAST_ZPP or traditional)
Hi Dmitry,
- Original Message -
From: "Dmitry Stogov"
Sent: Tuesday, August 11, 2015
Hi Matt,
On Tue, Aug 11, 2015 at 9:00 PM, Matt Wilmas
wrote:
Hi again,
- Original Message -----
From: "Matt Wilmas"
Sent: Tuesday, August 11, 2015
Hi Dmitry, all,
Hel
Hi again,
- Original Message -
From: "Matt Wilmas"
Sent: Tuesday, August 11, 2015
Hi Dmitry, all,
Help me understand this. :-) It's been more puzzling to me recently since
just coming to the part of optimizing traditional ZPP (sharing part with
FAST_ZPP...).
Wi
arams? Shouldn't
have 2 FAST_ZPP ZVAL types? Otherwise, why the inconsistency zpp's 'z'?
What am I missing, if anything?? Thanks!
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
inely interested
to take a look.
Hope that clarifies,
Matt
> On Aug 6, 2015, at 14:34, Anthony Ferrara wrote:
>
> Matt,
>
>> You are of course welcome to disagree with the overwhelming body of security
>> advice that parameterized queries are the correct, secure way to
Hi Pierre,
- Original Message -
From: "Pierre Joye"
Sent: Thursday, August 06, 2015
On Aug 6, 2015 1:49 PM, "Matt Wilmas" wrote:
Hi Levi,
- Original Message -
From: "Levi Morrison"
Sent: Thursday, August 06, 2015
Don't know about Win
iltin_constant_p() instead of a macro trick.
And second, using a variable length array, with size set by, well, a
variable, which I think VS still doesn't support from C99, right? (It's for
a "variable" in this case, but always the same, so should optimize like a
compile-tim
was blocked and how they can restructure their
query so that it's not vulnerable to SQL injection any more. By doing this
/as the developer writes code/, rather than via some static analysis tool
or security audit weeks or months later, developers will quickly discover
that writing parameterized queries
Hi Dmitry,
- Original Message -
From: "Dmitry Stogov"
Sent: Monday, August 03, 2015
Hi Matt,
On Wed, Jul 22, 2015 at 11:16 PM, Matt Wilmas
wrote:
Hi again Dmitry, all,
Hopefully the final update on this, before all is revealed... :-)
[...]
I tried to rush and finish
y systematically. The impact of
them getting it wrong can be catastrophic to companies and is a major
threat to users' online privacy when their data gets compromised. I think
having PHP give developers a hand to write code that is unambiguously safe
from hackers would be a good for whole PHP
Hi all,
- Original Message -
From: "Matt Wilmas"
Sent: Wednesday, July 08, 2015
Hi Kalle,
- Original Message -
From: "Kalle Sommer Nielsen"
Sent: Wednesday, July 08, 2015
Hi Matt
2015-07-08 17:00 GMT+02:00 Matt Wilmas :
Hi all,
- Original Messa
place, when it's useless to
have anything but a plain cast there. :-)
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
webapplication
developers who follow this guidance to enforce it at the language level to
ensure that they don't let a single SQL-injectable query "through the net".
Enabling this feature encourages developers to write code that is secure
even when this feature is disabled.
Hope th
user-submitted SQL statements to the
database by design? ==
This is accounted for in the RFC. Developers will be able to explicitly
mark SQL queries as disabling the SQL-injection feature for the queries
that explicitly warrant this (PHPMyAdmin being a good example). Again, this
is only relevant i
tching.
So how about prefetching "further"/more interations ahead...?
Thanks. Dmitry.
Hope it helps,
Bogdan
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
okes
to do it a "feels safe" rather than "is safe" way.
What do you all think? There's obviously a bit more work to do; the PoC
currently only covers mysqli_query, but I thought this stage is an
interesting point to throw it open to comments before working to complete
it.
Matt
Hi again Dmitry, all,
Hopefully the final update on this, before all is revealed... :-)
- Original Message -
From: "Matt Wilmas"
Sent: Tuesday, July 07, 2015
Hi again Dmitry, all,
[...]
Just an update... I didn't abandon this; quite the opposite! I thought
I
; RFCs on the Wiki were closed with 0 votes cast in favor or
against. Is proposing RFCs via the Wiki still the preferred mechanism for
proposing features in PHP?
Matt
To develop core security features, security enhancements and performance
enhancements for PHP Core (i.e. the C code for Zend and PHP Core, not PHP
extensions or PHP applications). Initially I\'ll be focusing on
integrating compiler and security level improvements to PHP binaries.
I have already
Hi all,
I'm Matt Tait; a security researcher at Google, and I'm quite interested in
looking at and helping to build new security-related features within PHP;
i.e. features that reduce the likelihood that deployments of PHP end up
being hacked.
In the short term, I'm quite intere
Hi Kalle,
- Original Message -
From: "Kalle Sommer Nielsen"
Sent: Wednesday, July 08, 2015
Hi Matt
2015-07-08 17:00 GMT+02:00 Matt Wilmas :
Hi all,
- Original Message -
From: "Levi Morrison"
Sent: Sunday, May 10, 2015
Again, this is a C11 feature. It i
make two versions with a compiler check.
e.g. for MSVC or GCC >= 3, but I don't know what else...
Thanks,
Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Anatol,
- Original Message -
From: "Anatol Belski"
Sent: Monday, July 07, 2015
Hi Matt,
-Original Message-----
From: Matt Wilmas [mailto:php_li...@realplain.com]
Sent: Tuesday, July 7, 2015 4:10 AM
To: Internals; Kalle Sommer Nielsen
Cc: Anatoliy Belsky; Dmitry Stog
Hi again Dmitry, all,
- Original Message -
From: "Dmitry Stogov"
Sent: Monday, June 29, 2015
On Sat, Jun 27, 2015 at 12:36 AM, Matt Wilmas
wrote:
Hi Dmitry, all,
[...]
Yeah, I knew how the traditional ZPP worked, just wondered about any
certain "problem area.&quo
be nice if it was before 7.1...
Of course, for my personal use, I really don't care since I can use them
right away. But I think the PHP-Postgres community needs them and would be
glad!
Thanks,
Kalle, Anatol & Ferenc
Thanks,
Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
wback of the "inlined FAST_ZPP."
So perhaps we WILL be able to use it in every case, depending what
Dmitry/others think when I share it shortly. :^)
- Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
Hi Dmitry, all,
- Original Message -
From: "Dmitry Stogov"
Sent: Thursday, June 25, 2015
On Wed, Jun 24, 2015 at 1:35 PM, Matt Wilmas
wrote:
Hi Dmitry, all,
- Original Message -
From: "Dmitry Stogov"
Sent: Wednesday, June 24, 2015
We should NOT use
types/values help at all?
Or is it just the internals of ZPP that are inherently slow...? :-/ Or
that's fine but the "mechanism" of getting there is the issue?
Thanks,
Matt
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
1 - 100 of 443 matches
Mail list logo
