Re: [PHP-DEV] [RFC] Constant Scalar Expressions

could provide a nice encapsulation for things > like stream_wrapper_register() calls. > Related - Python metaclasses <3 Arpad

Re: [PHP-DEV] Session Id Collisions

in general. It's a real pity that missed the 5.5 boat. I'll have a think if there's a way to do this with BC, or at least to fail better. Arpad

Re: [PHP-DEV] Session Id Collisions

Hi Yasuo, On Mon, Aug 5, 2013 at 7:46 PM, Yasuo Ohgaki wrote: > On Tue, Aug 6, 2013 at 1:04 AM, Arpad Ray wrote: > >> I think there really should be a vote. > > > This means you don't really understand the true risk of this vulnerability. > It allows permanent ses

Re: [PHP-DEV] Session Id Collisions

Hi Yasuo, On Mon, Aug 5, 2013 at 11:38 AM, Yasuo Ohgaki wrote: > On Mon, Aug 5, 2013 at 7:26 PM, Arpad Ray wrote: > >> Could you point me to where this was decided please? I don't see a vote >> or anything like a consensus in the previous threads. > > > There is

Re: [PHP-DEV] Session Id Collisions

Hi Yasuo, On Mon, Aug 5, 2013 at 11:10 AM, Yasuo Ohgaki wrote: > > On Mon, Aug 5, 2013 at 7:05 PM, Arpad Ray wrote: > >> I'm not against the idea in principle but still think having a security >> feature which just quietly fails if you're not using one of two mod

Re: [PHP-DEV] Session Id Collisions

Hi Yasuo, On Mon, Aug 5, 2013 at 10:50 AM, Yasuo Ohgaki wrote: > On Mon, Aug 5, 2013 at 6:22 PM, Arpad Ray wrote: > >> I thought we were in agreement about doing this properly in PHP.next? My >> arguments against this version of the patch still stand: > > > We had

Re: [PHP-DEV] Session Id Collisions

g this properly in PHP.next? My arguments against this version of the patch still stand: On Thu, Jun 27, 2013 at 11:51 AM, Yasuo Ohgaki wrote: > Hi Arpad, > > 2013/6/27 Arpad Ray > >> I see the strict mode check is now implemented in the handlers and not >> session.c,

Re: [PHP-DEV] Language constructs and callability

gt; I agree this is a largely pointless can of worms, but here's my POC from yesterday in case anyone wants to play with it: https://gist.github.com/arraypad/6044439 Arpad

Re: [PHP-DEV] Language constructs and callability

hen you can write hopelessly impenetrable > code? :) > > Yes, quite, let's just pretend this thread never happened ;) Arpad

Re: [PHP-DEV] Language constructs and callability

u do with constructs like define() or include()? Arpad

Re: [PHP-DEV] Session Id Collisions

function in the structure (as in your original patch) and do this only in PHP.next. Having such an ini setting which quietly fails if using an unsupported handler is not good. I guess you could keep a whitelist of supported handlers but that's also obviously far from ideal. Regards, Arpad

Re: [PHP-DEV] Re: [VOTE] Removal of curl-wrappers

s should err heavily on the side of caution, and this process has been quite the opposite. (Is a 6-line RFC a record? ;) Regards, Arpad On Tue, Apr 23, 2013 at 10:05 PM, Pierrick Charron wrote: > David, All, > > I just committed the patch to remove curl-wrappers from PHP5.5. It 

Re: [PHP-DEV] [VOTE] Integrating Zend Optimizer+ into the PHP distribution

es, or we throw them out and install a BDFL. > Either way, I don't care. I just think the current > they-sometimes-matter-depending-on-who-and-when-it-is-raised stance is > deeper than BS, it's dangerous and is actively turning away contributors > (as well as harming the project)... > Oh, please... Arpad

Re: [PHP-DEV] Purpose of voting

he narrow cast you provided. People voting "no" based on the implementation were the least of your worries. Arpad

Re: [PHP-DEV] C# properties vs. accessors RFC

t the lack of consistency in PHP enough already. I also think that in the RFC, it's a bit disingenuous to only mention this limitation in a comment on the 38th line of a code example Regards, Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] [VOTE] array_column() function

> something I have planned for 5.6. I'd love to see list/dict comprehensions in PHP :) Arpad

Re: [PHP-DEV] Re: Go for votes for the open tag-less PHP files

nd if the vote is negative, we can save a significant amount of time and effort, and can concentrate on more plausible subjects. Cheers, Arpad

Re: [PHP-DEV] SessionHandlerInterface vs Built in Memcache handler

n the general mailing list not internals. Whether the flexibility of having that code in userland is worth the inherent performance penalty is up to you. Don't forget you can use the SessionHandler class to override particular parts of the native handler where necessary. Arpad

Re: [PHP-DEV] Github Pull Request

tter to ignore them and keep focused on the true issues, than to address them - no matter how calmly worded or light-hearted your response may be. I.E. Let's have a technical debate not a pissing contest ;) Regards, Arpad

[PHP-DEV] Re: Hash problems in session-oo code

On Fri, Nov 11, 2011 at 12:17 AM, Rasmus Lerdorf wrote: > Hey Arpad, looking through the code you added to > ext/standard/basic_functions.c it looks like you are doing some weird > key handling in the shutdown function hash. > > Hi Rasmus, Thanks for the heads up, just fixed

Re: [PHP-DEV] [RFC] New extension proposal: meta

forms will bork otherwise. Regards, Arpad On Sat, Sep 3, 2011 at 10:21 PM, Flavius Aspra wrote: > Hi > > I'm Flavius Aspra and over the past weeks [1] I've worked on a small > extension, which I think it has a lot of potential. Thanks to everyone > for being patient wi

Re: [PHP-DEV] Activation of IGBinary serialization extension in 5.4 by default

On Fri, Aug 19, 2011 at 1:40 PM, Ferenc Kovacs wrote: > On Fri, Aug 19, 2011 at 2:31 PM, Arpad Ray wrote: >> On Fri, Aug 19, 2011 at 1:04 PM, Ferenc Kovacs wrote: >>> the downside would be that if you want to serialize/unserialize the >>> data outside of php, your

Re: [PHP-DEV] Activation of IGBinary serialization extension in 5.4 by default

ld be always a valid serialized string, and > would be easier to get the serialize method than with the prefixing. If my old app couldn't read some newly serialized string, I'd rather it failed hard than apparently succeed but have the wrong data. Regards, Arpad -- PHP Internals -

Re: [PHP-DEV] Activation of IGBinary serialization extension in 5.4 by default

current format. Maybe bundle it in core and provide an ini setting like session.serialize_handler, but I don't think making it the default in 5.4 is an option. Regards, Arpad > > This seems like a no-brainer and a good investment in the speed increase of > PHP by default for the future

[PHP-DEV] [PATCH] Add SORT_NATURAL and SORT_CASE support to array_multisort

CASE can be combined with SORT_STRING or SORT_NATURAL for a case-insensitive sort. I think it's a useful feature with no BC issues, and I'd appreciate any feedback. Regards, Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] [RFC] Object oriented session handlers

nts, although it raises the standard warning, because the default handler would otherwise be left dangling. The new patches (including 5.4 now): http://spellign.com/patches/php-trunk-session-oo11.patch http://spellign.com/patches/php-5.4-session-oo11.patch http://spellign.com/patches/php-sessio

Re: [PHP-DEV] [VOTE] Object oriented session handlers

the RFC thread) - I'll do that and provide a patch against 5.4 in the next few days. Regards, Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] [VOTE] Object oriented session handlers

Hi, Voting is now open for object oriented session handlers. The RFC and patch can be found here: https://wiki.php.net/rfc/session-oo You can vote here: https://wiki.php.net/rfc/session-oo/vote Regards, Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit

Re: [PHP-DEV] [PATCH] Friendly log messages for CLI server

Hi, There's now a request for this: https://bugs.php.net/bug.php?id=55109 Colours are now toggled by the ini setting cli_server.color. I'm still looking into means of excluding the more deceptively incapable terminals but I will support having colours on by default anyway. Regar

[PHP-DEV] [PATCH] Friendly log messages for CLI server

ow, server error=red) - Appends the error message when there's a fatal PHP error Here's an example: http://spellign.com/patches/cli-before.png http://spellign.com/patches/cli-after.png And the patch: http://spellign.com/patches/php-trunk-cli-server-messages.patch I'd appreciate any f

Re: [PHP-DEV] [RFC] Object oriented session handlers

On Mon, Jun 27, 2011 at 5:00 PM, Arpad Ray wrote: > On Mon, Jun 27, 2011 at 4:52 AM, Larry Garfield > wrote: >> I'm a bit confused.  If the session handler goes out of its way to ensure >> that it's the last thing to run, wouldn't that cause an issue if it tri

Re: [PHP-DEV] [RFC] Object oriented session handlers

On Sat, Jun 25, 2011 at 6:13 AM, Arpad Ray wrote: > The most significant change is that the shutdown function registers > another shutdown function when it's called, to (almost) ensure that > it's always the last one, and therefore user shutdown functions should > a

Re: [PHP-DEV] [RFC] Object oriented session handlers

of the automatically registered shutdown function, but this lets those with a custom shutdown procedure handle the session shutdown within the lifetime of the script and save the slight overhead. http://spellign.com/patches/php-trunk-session-oo10.patch http://spellign.com/patches/php-trunk-session-oo

Re: [PHP-DEV] [RFC] Object oriented session handlers

On Mon, Jun 20, 2011 at 10:37 AM, Richard Quadling wrote: > On 20 June 2011 01:39, Arpad Ray wrote: >> On Mon, Jun 6, 2011 at 5:31 PM, Richard Quadling wrote: >>> Not an internals expert, but I do have a question. >>> >>> When would the session handler obje

Re: [PHP-DEV] [PATCH] unregister_shutdown_function()

2011/6/20 Johannes Schlüter : > > (any reason you sent this privately?) Nope, must have hit the wrong button ;) back to the list now. > > On Mon, 20 Jun 2011 18:38:50 +0100, Arpad Ray wrote: >> 2011/6/20 Johannes Schlüter : >>> Why do you register a shutdown functi

[PHP-DEV] [PATCH] unregister_shutdown_function()

inst trunk) is at: http://spellign.com/patches/php-trunk-unregister_shutdown_function.patch N.B. I don't return from the apply func with ZEND_HASH_APPLY_STOP when it matches because it's also possible to register the same function twice (maybe a bug?) Regards, Arpad -- PHP Int

Re: [PHP-DEV] [RFC] Object oriented session handlers

we have the chance to address it while keeping BC now. I've moved the tests into a separate patch so the above differences are clearer: http://spellign.com/patches/php-trunk-session-oo8-tests.patch Regards, Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] [RFC] Object oriented session handlers

last discussed: - More sanity checking to prevent handlers being called in unexpected states - ZTS fixes Any thoughts? Regards, Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Implicit isset/isempty check on short-ternary operator

On Thu, Apr 21, 2011 at 12:56 AM, Arpad Ray wrote: > I've pined for something like coalesce($_GET['foo'], $defaults['foo'], > 42) for years, and I think that style is far more in keeping with the > PHP ethos, and far more readily understandable than this sugge

Re: [PHP-DEV] Implicit isset/isempty check on short-ternary operator

ble than this suggested new syntax. If I've missed some argument against this then please correct me. Regards, Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: Function proposal: varset

tainly possible to implement! > > Btw. i did look at the suggested core php code parts and even though i > can do nearly everything in php.. i have a hard time understanding how > the inner php parsing things actually work. There is no way i'm able > to make a patch for php. &

Re: [PHP-DEV] Bug #52477

s awkward). I haven't had time to work on it but can dig up the latest code if you'd like, it will be another few weeks until I can pick it up again. Regards, Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Re: $_SESSION numeric index bug

a session key has to be a string. > > Hi, I have a patch ready for the standard serialisation which would indeed fix this - I'll put together an RFC for it this week. Regards, Arpad

Re: [PHP-DEV] [PATCH] session_set_save_handler(class)

t; I don't see anything inherently wrong with having session object. > > I don't think that there's anything inherently wrong with it, just that it's slightly inefficient and offers no benefits since $this isn't available. Regards, Arpad

Re: [PHP-DEV] [PATCH] session_set_save_handler(class)

way it's always parent::foo() whether extending directly from SessionHandler or a child class. It also means users only need to implement the methods they actually use. Regards, Arpad Index: ext/session/config.w32 === --- ext/s

Re: [PHP-DEV] [PATCH] session_set_save_handler(class)

lass represents the current save handler, whichever it is. Here's a minimal example: There's a few more examples in the phpt in the patch. Regards, Arpad

Re: [PHP-DEV] [PATCH] default session serialization

aced zval_add_ref which the attached updated patch fixes. Incidentally, is there any need (in HEAD) to check EG(symbol_table) in the decode function, now that register_globals, session_register et al are gone? Regards, Arpad Index: ext/session/session.c =

[PHP-DEV] [PATCH] default session serialization

definitely some weighing up to do. Any thoughts? Arpad Index: ext/session/session.c === --- ext/session/session.c (revision 291124) +++ ext/session/session.c (working copy) @@ -783,45 +783,10 @@ { smart_str buf = {0}; php_s

[PHP-DEV] [PATCH] session_set_save_handler(class)

o the class entry or the function entries. Or something entirely different.. I'd be grateful for any comments. Arpad Index: ext/session/config.w32 === --- ext/session/config.w32 (revision 291124) +++ ext/session/config.w32 (w

Re: [PHP-DEV] Simple Namespace Proposal

other, classes must be addressed absolutely either in the import or when used, and functions must be addressed absolutely when used, irrespective of imports. I've attached some phpt files to test this, but here's a simple illustration: foo.php: bar.php: Arpad --TEST-- 034: Namespace

Re: [PHP-DEV] register_session_gc_handler proposal

tly. $maxlifetime) { unlink($file); } } return true; } } session_set_save_handler('MySessionHandler'); ?> Any thoughts? Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] magic_quotes_gpc behaviour

Update: I raised this issue as a bug (#41093) because of lack of interest here. It's now been fixed in CVS and will therefore be in 5.2.2 RC2 (thanks Ilia). Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] magic_quotes_gpc behaviour

yet another hole which we can easily fix. The fact that nobody "should" be using it anymore is more of a matter for PHP6, from which it's been removed already. By the way, there have already been BC changes with magic quotes in PHP5 - namely keys being escaped when it was turned

Re: [PHP-DEV] magic_quotes_gpc behaviour

Arpad Ray wrote: So, is this behaviour deliberate, and if so, what's the rationale? The problem seems to be in (5.2.x CVS) php_variables.c, lines 161-166: if (PG(magic_quotes_gpc) && (index != var)) { /* no need to addslashes() the index if i

[PHP-DEV] magic_quotes_gpc behaviour

elds $_GET[a'b][a\'b] = 1. While many other aspects of magic_quotes_gpc have changed, this behaviour seems to have stayed the same since at least PHP 4.2.0, see: http://www.rajeczy.com/compat_gpc_tests.txt So, is this behaviour deliberate, and if so, what's the rationale? Arpad --

Re: [PHP-DEV] Default long/lat. Why?

Actually it seems to be near Yerushalayim (Jerusalem?), Israel which makes some sense given Zend's origins. http://www.mapquest.com/maps/map.adp?searchtype=address&formtype=address&latlongtype=decimal&latitude=31.7667&longitude=35.2333 Arpad Derick Rethans wrote: On Thu,

Re: [PHP-DEV] Re: Upload progress

t for that script - I also set error_reporting there to suppress the warning. I suggest we move this discussion to php-general anyway, since we're no longer talking about internals. Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: Upload progress

s intended for end-users.) I believe you could use $_SERVER/$_ENV['CONTENT_LENGTH'] in CGI, I don't know about the IIS ISAPI module though. Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Upload progress

core, just to point out that it's already possible without a patch. I have some code using this method in case anyone's interested, email me off-list. Arpad Unknown W. Brackets wrote: How is that? You can't get any feedback from PHP (except, now, by installing/writing an exte

[PHP-DEV] Re: [PHP-CVS] cvs: php-src / README.UPDATING_TO_PHP6

ION but _SERVER > 2) EXTR_OVERWRITE is evil > PHP_Compat now supports this type of environmental change, the relevant file being: http://cvs.php.net/viewcvs.cgi/pear/PHP_Compat/Compat/Environment/register_globals_on.php?view=markup&rev=1.3 Maybe this readme should point to it?

Re: [PHP-DEV] Re: PHP 5.1 (Or How to break tousands of apps out there)

me, phpDate, > something else? > > Ilia I'd rather see it ifdef'd for the moment, since renaming wouldn't guarantee anything. Although something like date_ex makes it more difficult to collide with, it also makes it less attractive to use. Would it be renamed again onc

[PHP-DEV] CVS Account Request: arpad

working on a couple of PEAR packages, pear/Validate_UK and pear/HTML_AJAX. Pierre (cvs user: pajoye) will sort out the karma -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] what happened to that new isset() like language

all set. From the manual: bool isset ( mixed var [, mixed var [, ...]] ) Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] what happened to that new isset() like language

Sebastian wrote: > But what about the use of ? as an infix operator? that wouldn't work > out so well because of the ternary ?: > Right, which is why I didn't suggest that. I think Greg's idea of first-existing: is an interesting one (and by the sound of it the most robust). Personally I'd like

Re: [PHP-DEV] what happened to that new isset() like language

used for conditional assignment I think the association isn't all negative. Arpad -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] [PATCH] array_product()

appreciate any feedback, especially since this is my first patch :) Thanks, Arpad Ray Index: ext/standard/array.c === RCS file: /repository/php-src/ext/standard/array.c,v retrieving revision 1.308.2.10 diff -u -u -b -B -r1.308.2.