Re: [PHP-DEV] Mitigate “Magellan vulnerabilities” in PHP 7.2?

2019-02-15 Thread BohwaZ/PHP
Thanks Christoph! Just to be clear, this patch doesn't prevent security issues if you don't update your SQLite3 library, it just implements a new option available in newer SQLite versions which will prevent arbitrary changes to the internals of a SQLite database only if your SQLite3 library is

Re: [PHP-DEV] open_basedir?

2019-05-09 Thread BohwaZ/PHP
Kia ora, I'm against deprecating it or removing it. As said earlier, it has some security value, especially with mass hosting. If I'm hosting thousands of websites for thousands of users, using chroot is not doable, and open_basedir is a good alternative (at least it's better than nothing).

Re: [PHP-DEV] The real world ...

2019-06-13 Thread BohwaZ/PHP
If you're so keen on providing the user something to see without having to use display_errors=on: Have you had a look at https://php.net/register_shutdown_function ? You can always use that to figure out whether there was a fatal error and then display something nice to the user. No leaked stack

Re: [PHP-DEV] The real world ...

2019-06-13 Thread BohwaZ/PHP
On 13/06/2019 14:20, Lester Caine wrote: On 13/06/2019 13:04, Andrey Andreev wrote: You have logs to see the errors; relying on your users to report the actual error messages to you is the worst way to do it. How many website logs can you manage on a daily basis? Given the volume of materia

[PHP-DEV] Help with memory leak on zend_call_function

2019-10-17 Thread BohwaZ/PHP
Hi all, I am working on this PR: https://github.com/php/php-src/pull/4797 It implements the ability to set a userland callback function that would allow or deny SQL queries in SQLite using its internal authorizer logic. This is a native feature of SQLite that is currently missing from the PHP

Re: [PHP-DEV] OBJECT_OPERATOR vs. DOUBLE_COLON

2017-07-10 Thread BohwaZ/PHP
On 06/07/2017 16:46, Stanislav Malyshev wrote: Hi! I think that using :: on a variable that contains an object should not "fall back" to a static access on the object's class. Instead the runtime should error out. Why should it not do what it does now? What would it achieve? I don't see an

[PHP-DEV] Matching PDO_SQLite features with SQLite3 extension

2017-08-20 Thread BohwaZ/PHP
Hi people of the PHP world, I have just proposed a patch to have SQLite3 open_blob feature implemented in PDO_SQLite: https://github.com/php/php-src/pull/2698 This follows my patch to implement this feature in the SQLite3 extension a few months ago. Now my aim is to implement missing featur

Re: [PHP-DEV] Matching PDO_SQLite features with SQLite3 extension

2017-08-21 Thread BohwaZ/PHP
On 22/08/2017 07:55, Adam Baratz wrote: A new method is an API change to me, so an RFC would be warranted. I'm reluctant to add driver-specific methods, since that seems opposed to PDO's driver-agnostic API, but that's not to say we couldn't hash something out. Do we need an RFC every time

Re: [PHP-DEV] Matching PDO_SQLite features with SQLite3 extension

2017-08-22 Thread BohwaZ/PHP
Yes, because once it lands in core, it sticks around for almost eternity. Yeah but is it necessary for something that is just missing, because the pdo_sqlite implementation is incomplete, and is basically following what already exists, without changing anything? That change was implemented i

Re: [PHP-DEV] Matching PDO_SQLite features with SQLite3 extension

2017-08-22 Thread BohwaZ/PHP
PDO is already a mess, and adding methods that appear/disappear dynamically whether you enable an extension or not... is a horror show. From my PoV, since we (doctrine) have to abstract away from it all the time, we'd rather have it as tidy and well-thought-out as possible, especially since there

Re: [PHP-DEV] Matching PDO_SQLite features with SQLite3 extension

2017-08-22 Thread BohwaZ/PHP
On 23/08/2017 16:57, Marco Pivetta wrote: I suggest adding dedicated functions that given a PDO instance and the parameters you needed do what you want to do. So if I understand correctly: $pdo = new PDO('sqlite::memory:'); $extended = new PDO_Extended_SQLite($pdo); $blob = $extended->openB

[PHP-DEV] Request access to wiki for RFC on implementing missing pdo_sqlite features

2017-08-24 Thread BohwaZ/PHP
Kia ora, I'm requesting access to wiki to be able to write the RFC on implementing missing pdo_sqlite features, following pull request https://github.com/php/php-src/pull/2698 and discussion on this list. My account on the wiki is "bohwaz". Cheers.

Re: [PHP-DEV] Request access to wiki for RFC on implementing missing pdo_sqlite features

2017-08-31 Thread BohwaZ/PHP
Hello, anyone? :) Kia ora, I'm requesting access to wiki to be able to write the RFC on implementing missing pdo_sqlite features, following pull request https://github.com/php/php-src/pull/2698 and discussion on this list. My account on the wiki is "bohwaz". Cheers.

[PHP-DEV] [RFC] [Discussion] Implement SQLite "openBlob" feature in PDO

2017-09-25 Thread BohwaZ/PHP
Kia ora, following my patch and discussions on this list, here is the RFC requested by some people here to implement "openBlob" in the pdo_sqlite driver, to match the "openBlob" method from the SQLite3 extension. https://wiki.php.net/rfc/implement_sqlite_openblob_in_pdo Discussion should hap

Re: [PHP-DEV] Re: [RFC] [Discussion] Implement SQLite "openBlob" feature in PDO

2017-10-01 Thread BohwaZ/PHP
PDO already has support for large objects (LOBs)[1]. I don't know if and how these are supported by the pdo_sqlite driver, but wouldn't it make sense to use the existing API instead of introducing a new method? [1] Very interesting indeed, didn't kn

Re: [PHP-DEV] Re: [RFC] [Discussion] Implement SQLite "openBlob" feature in PDO

2017-10-02 Thread BohwaZ/PHP
On 02/10/17 01:48, BohwaZ/PHP wrote: So for me the use case is quite different here, and openBlob allows stuff that PDO::PARAM_LOB with bindColumn and bindParam cannot allow currently. In conclusion openBlob is still useful as it allows accessing a BLOB outside of a statement and allows to

Re: [PHP-DEV] Re: [RFC] [Discussion] Implement SQLite "openBlob" feature in PDO

2017-10-03 Thread BohwaZ/PHP
Taking it to a better solution is that the method sqliteCreateFunction shouldn't exist on the PDO class, but instead on a PDOSqlite that extends PDO. class PDOSqlite extends PDO { public function createFunction(...) {...} } class PDO { public static function connect(string $dsn [, strin

Re: [PHP-DEV] Re: [RFC] [Discussion] Implement SQLite "openBlob" feature in PDO

2017-10-03 Thread BohwaZ/PHP
I believe that's how PDO::PARAM_LOB is intended to work (based on my reading of the docs and implementations for other drivers). It seems like more of a convenience than anything, though maybe someone had more ideas for how it should work across drivers and never got to follow through on it.

[PHP-DEV] [RFC] [VOTE] Implement missing SQLite feature "openBlob" in PDO

2017-10-09 Thread BohwaZ/PHP
Kia ora, After some more discussions, I don't think we have much left to discuss on that topic, so… Voting is now open for 2 weeks on this RFC: https://wiki.php.net/rfc/implement_sqlite_openblob_in_pdo Vote will end on Wednesday the 25th of October. Thanks to everyone who contributed to the

Re: [PHP-DEV] [RFC] [VOTE] Implement missing SQLite feature "openBlob" in PDO

2017-10-11 Thread BohwaZ/PHP
Hey, For people voting against the RFC, could you please explain your vote here so that we might understand? Cheers. Kia ora, After some more discussions, I don't think we have much left to discuss on that topic, so… Voting is now open for 2 weeks on this RFC: https://wiki.php.net/rfc/imp

Re: [PHP-DEV] [RFC] [VOTE] Implement missing SQLite feature "openBlob" in PDO

2017-10-11 Thread BohwaZ/PHP
On 12/10/2017 12:00, Dan Ackroyd wrote: On 11 October 2017 at 22:03, BohwaZ/PHP wrote: Hey, For people voting against the RFC, could you please explain your vote here so that we might understand? Cheers. I think people were reasonably clear during the discussion. Having certain

Re: [PHP-DEV] New website for the PHP project

2019-02-07 Thread BohwaZ/PHP
On 04/02/2019 01:14, azjezz wrote: In my opinion, current design looks old, outdated and bland. This sadly may reflect "badly" on the language reputation nowadays. I find that the main PHP website is quite good actually, the design looks modern, it is quite clear and easy to use and it prov

Re: [PHP-DEV] New website for the PHP project

2019-02-08 Thread BohwaZ/PHP
Could not find anything about PDOStmt::setParam either, but I fixed it for you: http://php.net/pdostatement_bindparam You're welcome ;) Ah ah good catch :) I meant bindParam obviously ^^ The fact is http://php.net/bindparam will return nothing about PDOStatement::bindParam which is kind of wei