Re: [PHP-DEV] Allow Iterator to be used with current, next, reset, key functions

2016-11-01 Thread Lester Caine
On 01/11/16 05:53, Yasuo Ohgaki wrote: > On Tue, Nov 1, 2016 at 11:53 AM, David Lundgren > wrote: >> > What if we made ArrayIterator transparently wrap all array's? > If you take a look at SPL array object code, you'll see why there are > so many missing functions. It's just pain for me to write

Re: [PHP-DEV] bug classification discussion

2016-11-01 Thread Nikita Popov
On Sun, Oct 30, 2016 at 6:21 AM, Stanislav Malyshev wrote: > Hi! > > So I wrote a first version of the document Anatol mentioned: > > https://wiki.php.net/security > > Please comment. Fixes to the grammar and typos are especially welcome > (you can just do them in the wiki without asking :) > It

Re: [PHP-DEV] Security issue handling

2016-11-01 Thread Christoph M. Becker
On 01.11.2016 at 02:39, Anatol Belski wrote: > […] And as a fallback, if no enough reaction is to see, check other > ways to achieve more QA. […] Not directly related to this thread, but to QA in general: could somebody please fix ? The page is down for m

[PHP-DEV] Je pense que vous êtes aussi sur le web et qu

2016-11-01 Thread Cesar
Bonjour Je crois que vous avez un site web et comme tout webmaster, notre soucis est "Le Référencement" Ces quelques lignes simplement pour vous faire part d'une mise en ligne d'une plateforme de formation en ligne sur le référencement ou SEO. Les formateurs, des professionnels du référe

RE: [PHP-DEV] bug classification discussion

2016-11-01 Thread Anatol Belski
> -Original Message- > From: Nikita Popov [mailto:nikita@gmail.com] > Sent: Tuesday, November 1, 2016 10:32 AM > To: Stanislav Malyshev > Cc: Anatol Belski ; PHP Internals > ; Remi Collet > Subject: Re: [PHP-DEV] bug classification discussion > > On Sun, Oct 30, 2016 at 6:21 AM, St

[PHP-DEV] NEUTRAL Benchmark Results for PHP Master 2016-11-01

2016-11-01 Thread lp_benchmark_robot
Results for project PHP master, build date 2016-11-01 16:24:12+02:00 commit: fec1218 previous commit:4f40cf1 revision date: 2016-11-01 00:18:34+03:00 environment:Haswell-EP cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2, LLC 45 MB

Re: [PHP-DEV] bug classification discussion

2016-11-01 Thread Stanislav Malyshev
Hi! > I'm also wondering under which category unserialize() issues would > (usually) fall. I'd assume "low" (because requires documented insecure > code + well known class of vulnerabilities). I'd say medium. While it's documented that unserializing external strings is unsafe, there is code out t

Re: [PHP-DEV] bug classification discussion

2016-11-01 Thread Stanislav Malyshev
Hi! > Yet one thing seems to be missing - security issue, that only > concerns an unstable branch. Those are probably can be handled as low > severity, as any pre GA or master are not for production anyway. > Still they should not be disclosed until fixed, but should be fine to > fix at any point

RE: [PHP-DEV] bug classification discussion

2016-11-01 Thread Anatol Belski
Hi Stas, > -Original Message- > From: Stanislav Malyshev [mailto:smalys...@gmail.com] > Sent: Tuesday, November 1, 2016 6:14 PM > To: Nikita Popov > Cc: Anatol Belski ; PHP Internals > ; Remi Collet > Subject: Re: [PHP-DEV] bug classification discussion > > Hi! > > > I'm also wondering

Re: [PHP-DEV] bug classification discussion

2016-11-01 Thread Yasuo Ohgaki
Hi Stas, On Sun, Oct 30, 2016 at 2:21 PM, Stanislav Malyshev wrote: > So I wrote a first version of the document Anatol mentioned: > > https://wiki.php.net/security > > Please comment. Fixes to the grammar and typos are especially welcome > (you can just do them in the wiki without asking :) Nic

Re: [PHP-DEV] Security issue handling

2016-11-01 Thread Jakub Zelenka
Hi On Sun, Oct 30, 2016 at 10:09 PM, Stanislav Malyshev wrote: > > > Great, thanks! So besides assigning the issues for the said extensions > to you, what model for coordinating reviews would you prefer? > I'm not sure what the current flow is but it would be great to send info about fixed iss

Re: [PHP-DEV] Security issue handling

2016-11-01 Thread Yasuo Ohgaki
Hi all, On Wed, Nov 2, 2016 at 7:28 AM, Jakub Zelenka wrote: > On Sun, Oct 30, 2016 at 10:09 PM, Stanislav Malyshev > wrote: > > >> >> >> Great, thanks! So besides assigning the issues for the said extensions >> to you, what model for coordinating reviews would you prefer? >> > > I'm not sure wh

[PHP-DEV] Low Hanging Fruit

2016-11-01 Thread Michael Morris
What are some outstanding bugs that should be relatively easy to fix that no one has gotten around to? Low hanging fruit as it were for beginning devs.

Re: [PHP-DEV] Low Hanging Fruit

2016-11-01 Thread Yasuo Ohgaki
Hi Michael, On Wed, Nov 2, 2016 at 3:08 PM, Michael Morris wrote: > What are some outstanding bugs that should be relatively easy to fix that > no one has gotten around to? Low hanging fruit as it were for beginning > devs. Easy is depends on what you know. There are many. You can find them easi