Re: [PHP-DEV] [VOTE] get_class() disallow null parameter

2016-09-25 Thread Leigh
On Sun, 25 Sep 2016 at 06:29 Pierre Joye wrote: > Also this behavior is clearly documented: > > http://th1.php.net/manual/en/function.get-class.php > > "If object is omitted when inside a class, the name of that class is > returned." > > I am opposed to break BC because we change our mind about h

Re: [PHP-DEV] [VOTE] get_class() disallow null parameter

2016-09-25 Thread Dan Ackroyd
On 25 September 2016 at 06:29, Pierre Joye wrote: > I am pretty sure it is by design (for what I can remember) I do not believe that is correct. The commit message* says: "Restore PHP-5.2 behaviour when passing null inside object scope to get_class()" The commit does not restore the previous b

Re: [PHP-DEV] [VOTE] get_class() disallow null parameter

2016-09-25 Thread Pierre Joye
On Sep 25, 2016 4:29 PM, "Leigh" wrote: > > > > On Sun, 25 Sep 2016 at 06:29 Pierre Joye wrote: >> >> Also this behavior is clearly documented: >> >> http://th1.php.net/manual/en/function.get-class.php >> >> "If object is omitted when inside a class, the name of that class is >> returned." >> >>

Re: [PHP-DEV] [VOTE] get_class() disallow null parameter

2016-09-25 Thread Christoph M. Becker
On 25.09.2016 at 11:29, Leigh wrote: > On Sun, 25 Sep 2016 at 06:29 Pierre Joye wrote: > >> Also this behavior is clearly documented: >> >> http://th1.php.net/manual/en/function.get-class.php >> >> "If object is omitted when inside a class, the name of that class is >> returned." >> >> I am oppo

Re: [PHP-DEV] [VOTE] get_class() disallow null parameter

2016-09-25 Thread Niklas Keller
2016-09-25 15:19 GMT+02:00 Christoph M. Becker : > On 25.09.2016 at 11:29, Leigh wrote: > > > On Sun, 25 Sep 2016 at 06:29 Pierre Joye wrote: > > > >> Also this behavior is clearly documented: > >> > >> http://th1.php.net/manual/en/function.get-class.php > >> > >> "If object is omitted when insid

Re: [PHP-DEV] [RFC] Namespace-scoped declares

2016-09-25 Thread Andrea Faulds
Hi Stas, I agree with you on all of this. Stanislav Malyshev wrote: Hi! The broader context of this proposal is to provide a simple and usable mechanism that will allow developers to opt-in to stricter language semantics on a per-library (or more specifically, per-namespace) basis, thus allev

Re: [PHP-DEV] [VOTE] get_class() disallow null parameter

2016-09-25 Thread Pierre Joye
On Sep 26, 2016 12:09 AM, "Niklas Keller" wrote: > > 2016-09-25 15:19 GMT+02:00 Christoph M. Becker : >> >> On 25.09.2016 at 11:29, Leigh wrote: >> >> > On Sun, 25 Sep 2016 at 06:29 Pierre Joye wrote: >> > >> >> Also this behavior is clearly documented: >> >> >> >> http://th1.php.net/manual/en/fu

[PHP-DEV] Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()

2016-09-25 Thread Yasuo Ohgaki
Hi all, Timestamp based session management is required to manage session as it should. I've updated the session manual pages a while a ago to explain why. http://php.net/manual/en/session.security.php http://php.net/manual/en/function.session-regenerate-id.php Although session module has over 10

Re: [PHP-DEV] [VOTE] get_class() disallow null parameter

2016-09-25 Thread Niklas Keller
2016-09-25 20:58 GMT+02:00 Pierre Joye : > On Sep 26, 2016 12:09 AM, "Niklas Keller" wrote: > > > > 2016-09-25 15:19 GMT+02:00 Christoph M. Becker : > >> > >> On 25.09.2016 at 11:29, Leigh wrote: > >> > >> > On Sun, 25 Sep 2016 at 06:29 Pierre Joye > wrote: > >> > > >> >> Also this behavior is c

Re: [PHP-DEV] Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()

2016-09-25 Thread Thomas Bley
why not have a new session module? those who want no change for existing applications keep the old one, new projects can use the new one, those who want more security port their code to the new one. e.g. use session2_start(), etc. Regards Thomas Yasuo Ohgaki wrote on 25. Sept 2016 22:35: > Hi

Re: [PHP-DEV] Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()

2016-09-25 Thread Paul Jones
> On Sep 25, 2016, at 16:40, Thomas Bley wrote: > > why not have a new session module? those who want no change for existing > applications keep the old one, new projects can use the new one, those who > want more security port their code to the new one. e.g. use session2_start(), > etc. If

Re: [PHP-DEV] Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()

2016-09-25 Thread Yasuo Ohgaki
Hi Thomas, On Mon, Sep 26, 2016 at 6:40 AM, Thomas Bley wrote: > why not have a new session module? those who want no change for existing > applications keep the old one, new projects can use the new one, those who > want more security port their code to the new one. e.g. use session2_start(),

Re: [PHP-DEV] Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()

2016-09-25 Thread Yasuo Ohgaki
Hi Paul, On Mon, Sep 26, 2016 at 7:12 AM, Paul Jones wrote: >> On Sep 25, 2016, at 16:40, Thomas Bley wrote: >> >> why not have a new session module? those who want no change for existing >> applications keep the old one, new projects can use the new one, those who >> want more security port t

Re: [PHP-DEV] Fix ReflectionType::__toString() BC break

2016-09-25 Thread Pierre Joye
Also follow the discussion here https://github.com/php/php-src/pull/2137#issuecomment-249353056 On Sep 23, 2016 12:38 PM, "Pierre Joye" wrote: > Adding the RMs. > > Dacey, I think this needs a deeper look and decision. > > On Sep 22, 2016 7:51 AM, "Pierre Joye" wrote: > > > > On Sep 22, 2016 1

[PHP-DEV] Re: Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()

2016-09-25 Thread Yasuo Ohgaki
Hi all, On Mon, Sep 26, 2016 at 5:35 AM, Yasuo Ohgaki wrote: > Since session management is very important feature for web apps, we > shouldn't keep providing halfway implemented API forever. > Implementation or removal is required. > > I would like to propose either > > timestamp based (precise

Re: [PHP-DEV] Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()

2016-09-25 Thread Stanislav Malyshev
Hi! > Timestamp based session management is required to manage session as it > should. I've updated the session manual pages a while a ago to explain > why. Could you explain what you mean here? "As it should" is kind of broad :) > http://php.net/manual/en/session.security.php > http://php.net/m

Re: [PHP-DEV] Re: Fixing halfway implemented session management - timestamp based session management OR remove session_regenerate_id()

2016-09-25 Thread Stanislav Malyshev
Hi! > Please read session_regenerate_id() example #2. > > Example #2 Avoiding lost session by session_regenerate_id() In this example, why you do session_commit() in my_session_start()? There's no point in writing stale session. I also see no code that actually removes old sessions - is it by d