Hi Xinchen,
The code I used was simply derived from the code of the array_slice
implementation (totally analogous).
Maybe your suggested changes (check HASH_FLAG_PACKED fist + Z_TRY_ADDREF)
should be carried over to array_slice then as well.
Please go ahead and commit a patch, I'd prefer to sti
On 27 July 2016 23:45:10 GMT+01:00, Thomas Bley wrote:
>> In many ways, defining a built-in function e($string, $context) would
>
>> fulfil most of the above.
>
>If things are so easy, why does so much code exist with XSS problems?
Firstly, because there is no such built in function. I don't mean
Hi Yasuo,
> -Original Message-
> From: Yasuo Ohgaki [mailto:yohg...@ohgaki.net]
> Sent: Thursday, July 28, 2016 8:43 AM
> To: Anatol Belski
> Cc: php-...@lists.php.net
> Subject: Re: [PHP-CVS] com php-src: Support Unicode characters in the local
> part of an e-mail address.: ext/filter/fi
Hello Xinchen,
I have noticed two more cases where we could easily use packed arrays.
1. array_merge($packed1, $packed2, ...):
In the quite common case where all arguments are packed arrays, the resulting
array can also be a packed array (as per documentation: "if the input arrays
[...] contai
creating an e() function can be a BC break if people already have an e()
function in their code.
The name e is ambiguous to me, is it escape, error, encrypt?
You are free to provide a better rfc, but having e() being optional will also
make security optional.
Regards
Thomas
Rowan Collins wrote
On 28/07/2016 10:39, Thomas Bley wrote:
creating an e() function can be a BC break if people already have an e()
function in their code.
The name e is ambiguous to me, is it escape, error, encrypt?
You are free to provide a better rfc, but having e() being optional will also
make security opti
Results for project PHP master, build date 2016-07-28 06:28:20+03:00
commit: a05b560
previous commit:687f983
revision date: 2016-07-27 18:26:19-04:00
environment:Haswell-EP
cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores,
stepping 2, LLC 45 MB
On 25.07.2016 at 17:36, Anatol Belski wrote:
>> -Original Message-
>> From: Christoph Becker [mailto:cmbecke...@gmx.de]
>> Sent: Monday, July 25, 2016 10:30 AM
>> To: Davey Shafik ; Anatol Belski
>> Cc: internals@lists.php.net; Ferenc Kovacs
>> Subject: Re: [PHP-DEV] Bundled SQLlite3
>>
Just a thought, but I can't help thinking that "improved escape facilities
and syntax" are a mere patch for a more than superficial problem.
The problem of differentiating HTML strings, which to not require escaping,
from other string, which do, could actually be viewed as a deeper problem,
which
