Supporting strings 'by default' in is_a() has the downside that it
produces slightly unpredictable results. If you are accepting 'mixed'
arguments, some of which may be strings, there is a slim chance that the
string you accept will match the class or its parent by accident.
Personally if I d
On Sun Oct 16 06:59 PM, Stas Malyshev wrote:
> It definitely makes PHP worse by propagating inconsistent APIs.
I created a patch against 5.4:
https://bugs.php.net/patch-display.php?bug_id=55475&patch=is_a_5.4_alternative&revision=latest
The patch changes the behavior to:
is_a("ab", "b") // false
On Mon, Oct 17, 2011 at 12:59 AM, Stas Malyshev wrote:
> Yes, the security problem was present before the fix was applied
No, it was not. See the examples in the links I pasted earlier.
The code was safe, under controlled context, before this change was
applied. With the change the code become
Hi!
On 10/16/11 2:14 PM, Pierre Joye wrote:
We have discussed that already on security, I barely see a reason to
begin this discussion again. There is a clear possible security
problem, clearly identified and not present before this "fix" was
applied. It is easy to fix and does not make PHP wors
On Sun, Oct 16, 2011 at 9:14 PM, Stas Malyshev wrote:
> Hi!
>
> On 10/16/11 3:39 AM, Pierre Joye wrote:
>>
>> There were code examples in previous discussions, here and on security.
>> The document used for the CVE assignment has some as well.
>>
>>
>> http://www.byte.nl/blog/2011/09/23/security-bu
Hi!
On 10/16/11 3:39 AM, Pierre Joye wrote:
There were code examples in previous discussions, here and on security.
The document used for the CVE assignment has some as well.
http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/
https://bugs.php.net/bug.php?id=5547
On Sun, Oct 16, 2011 at 2:00 AM, Stas Malyshev wrote:
> Hi!
>
> On 10/13/11 5:06 PM, Rasmus Lerdorf wrote:
>>
>> I agree that it is slightly messy, but we have painted ourselves into a
>> bit of a corner with the 5.3 mess. Stas, the whole point here is that
>> changing the is_a() default in 5.3 ca
Hi!
On 10/13/11 5:06 PM, Rasmus Lerdorf wrote:
I agree that it is slightly messy, but we have painted ourselves into a
bit of a corner with the 5.3 mess. Stas, the whole point here is that
changing the is_a() default in 5.3 caused huge problems, including
security ones, so setting allow_string t
On Friday, October 14, 2011 08:06 AM, Rasmus Lerdorf wrote:
On 10/13/2011 04:54 PM, Alan Knowles wrote:
On Thursday, October 13, 2011 11:23 PM, Stas Malyshev wrote:
On 10/13/11 12:39 AM, Alan Knowles wrote:
Can someone apply this to HEAD and PHP_5_4, or let me have karma.
https://bugs.php.net
On 10/13/2011 04:54 PM, Alan Knowles wrote:
> On Thursday, October 13, 2011 11:23 PM, Stas Malyshev wrote:
>> On 10/13/11 12:39 AM, Alan Knowles wrote:
>>> Can someone apply this to HEAD and PHP_5_4, or let me have karma.
>>>
>>> https://bugs.php.net/patch-display.php?bug_id=55475&patch=final_patch
On Thursday, October 13, 2011 11:23 PM, Stas Malyshev wrote:
On 10/13/11 12:39 AM, Alan Knowles wrote:
Can someone apply this to HEAD and PHP_5_4, or let me have karma.
https://bugs.php.net/patch-display.php?bug_id=55475&patch=final_patch_for_5_4_and_HEAD&revision=latest
Thanks
Alan
+/* {
On 10/13/11 12:39 AM, Alan Knowles wrote:
Can someone apply this to HEAD and PHP_5_4, or let me have karma.
https://bugs.php.net/patch-display.php?bug_id=55475&patch=final_patch_for_5_4_and_HEAD&revision=latest
Thanks
Alan
+/* {{{ proto bool is_subclass_of(mixed object_or_string, string
clas
Can someone apply this to HEAD and PHP_5_4, or let me have karma.
https://bugs.php.net/patch-display.php?bug_id=55475&patch=final_patch_for_5_4_and_HEAD&revision=latest
Thanks
Alan
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php