On Jan 17, 2008, at 10:17 , Stefan Esser wrote:
When someone injects you a cookie like +++action=logout through an
XSS or through a feature like foobar.co.kr can set cookies for
*.co.kr
(in FF at least).
Ok, you are assuming one security issue here, that is not related to
the topic.
Hello Lukas,
> Ah ok .. sorry for having missed that point. Of course I was assuming
> that the feature worked as advertised. I guess I was thrown off by the
> fact that Stefan initially made it sound like the concept in general
> is flawed and would automatically make an application insecure.
> O
On Thu, Jan 17, 2008 at 10:17:18AM +0100, Stefan Esser wrote:
> So you see that you nearly NEVER ever want the cookie in _REQUEST. And
> even if you can think up a theoretical situation where you don't care
> the problem is that everyone else uses _REQUEST in unsafe places...
> Therefore my recomm
On Jan 17, 2008 3:36 AM, Mário Soares <[EMAIL PROTECTED]> wrote:
> I posted in the pecl-dev mailing list, the intention of publishing a new php
> extension. And Pierre suggested to make it available in the php.net cvs.
Confirmed, he is talking about a wxWidget binding for php:
http://news.php.ne
On Jan 16, 2008 11:35 PM, Alan Wagstaff <[EMAIL PROTECTED]> wrote:
> I would like to assist the Doc team in improving the PHP documentation,
> particularly in some of the lesser used and newer extensions.
It would be better if you could post to phpdoc@ your plans and
preferably some patches befor
Heh, there is RFC for everything eh? ;-)
On 17-Jan-08, at 9:37 AM, Lukas Smith wrote:
+Finally, additional hints on how to behave inside the virtual
community can be
+found in RFC 1855 (http://www.faqs.org/rfcs/rfc1855.html).
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Maili
On 17.01.2008 16:59, Dan Scott wrote:
> Thanks for the new SplDoublyLinkedList class - I'm looking forward to taking
> it out for a spin.
>
> Here's a patch for a few minor typos in the method docs:
>
> http://scratchpad.coffeecode.net/proto_typos.diff
There are some problems in the current impl
Thanks for the new SplDoublyLinkedList class - I'm looking forward to taking
it out for a spin.
Here's a patch for a few minor typos in the method docs:
http://scratchpad.coffeecode.net/proto_typos.diff
Dan Scott
On Wed, January 16, 2008 12:54 am, Stefan Priebsch wrote:
> Richard Lynch schrieb:
>> If a web service really doesn't care whether it is responding to GET
>> or POST or even forged COOKIES to produce its output, why would it
>> not
>> just use REQUEST?
>>
>> It's not as if it's any harder to forge
On Wed, January 16, 2008 1:45 am, Stefan Esser wrote:
> Stefan Priebsch schrieb:
>> Richard Lynch schrieb:
>>> If a web service really doesn't care whether it is responding to
>>> GET
>>> or POST or even forged COOKIES to produce its output, why would it
>>> not
>>> just use REQUEST?
>>>
>>> It's n
Hi,
It seems something has changed recently regarding referencing
constants that has broken my extension and I'm trying to figure out
exactly what the right thing to do is.
When passing a string constant to an extension function, within the
extension I have been saving that string directly for po
On Wed, January 16, 2008 2:17 pm, Stefan Esser wrote:
> It would have been a good idea to have such a configuration option
> that
> allows to specify what is in _REQUEST and what not...
Perhaps it would be wise to add yet another php.ini setting?
[Yeah, I know the usual response to that. Just thi
On 17.01.2008 23:33, Michael B Allen wrote:
> This has worked fine
Are you really sure?
Does valgrind confirm it?
> PHP_FUNCTION(foo_status)
> {
> zval *r;
> char *s = "";
> int slen;
> struct foo *foo = NULL;
>
> if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "z!|s!",
On 1/17/08, Antony Dovgal <[EMAIL PROTECTED]> wrote:
> On 17.01.2008 23:33, Michael B Allen wrote:
> > This has worked fine
>
> Are you really sure?
It has worked just fine under load in production with PHP 5, 5.0 and
5.1. It *seems* there's something different about 5.2.
> Does valgrind confirm
I'm a PHPOpenBiz project manager working at China CerNet Corp. Now I want to
set up a php.net mirror site and add Chinese test code to phpdoc. I also
want to join the development of the spl extension.
OK everyone's back from holidays and vacations :)
Unless there are any serious objections we'll commit the GC patch on Monday to
both HEAD and PHP_5_3 to get a wider network of testers.
If anything looks fishy and/or people's benchmarks raise concerns we can back
it out of PHP_5_3 (or tweak) if/
On 18.01.2008 04:39, Michael B Allen wrote:
>> You have to copy the string if you want to store it.
>
> Ok. Doesn't look like I have much choice. I just wanted to understand
> the problem better. I'll just copy the strings.
>
> But it does seem odd to me that PHP does not always reference string
On 1/18/08, Antony Dovgal <[EMAIL PROTECTED]> wrote:
> On 18.01.2008 04:39, Michael B Allen wrote:
> >> You have to copy the string if you want to store it.
> >
> > Ok. Doesn't look like I have much choice. I just wanted to understand
> > the problem better. I'll just copy the strings.
> >
> > But
On 18.01.2008 10:33, Michael B Allen wrote:
>> Because you have to copy something that is going to be freed by PHP.
>> That's how it works & worked for ages - you don't have to free the
>> strings you get from zend_parse_parameters() because PHP does it for you.
>
> In newer versions of zend engin
I have someone using my extension who is seeing some strange behavior
where the module initializes when Apache starts, the extension works
perfectly and then, without warning, after about 40 seconds, the
deinitialization routine runs. This kills some state in a global
context and everything goes v