Search Discussions

70 discussions - 971 posts

  • Voting is now open with options which PHP version to release with and how to name it (since some seem to prefer the more compact __debug()) https://wiki.php.net/rfc/debug-info
    Sara GolemonSara Golemon
    Feb 3, 2014 at 8:06 pm
    Feb 12, 2014 at 11:42 pm
  • Hi internals, as I've received no further feedback I've opened the voting on "Timing attack safe string comparison function": - https://wiki.php.net/rfc/timing_attack Voting ends on 2014/02/09 ...
    Rouven WeßlingRouven Weßling
    Feb 2, 2014 at 10:50 pm
    Mar 19, 2014 at 2:31 am
  • I was playing with the most recent snap builds and, as expected, the openssl delegation to OS maintained certificate stores does not work in windows (like it does everywhere else). In sane distros ...
    Daniel LowreyDaniel Lowrey
    Feb 3, 2014 at 6:08 pm
    Mar 2, 2014 at 9:07 pm
  • Hi all, I thought it might be good for us to have declaring minimum PHP version required to execute script. http://jp1.php.net/manual/en/control-structures.declare.php Something like <?php ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 3, 2014 at 6:58 am
    Feb 5, 2014 at 5:40 pm
  • Morning Internals [, and Dmitry :)], I came across a reason to think about assertions again today, my original, pretty radical, patch was worked on by dmitry, I updated the RFC a while ago but ...
    Joe WatkinsJoe Watkins
    Feb 2, 2014 at 11:25 am
    Feb 5, 2014 at 10:22 pm
  • Hi all, This is a little improvement for HTML escape. https://wiki.php.net/rfc/secure-html-escape "/" escape is recommended by OWASP and we may follow them. Any comments? Regards, -- Yasuo Ohgaki ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 2, 2014 at 3:10 am
    Feb 23, 2014 at 5:03 am
  • hi, About the timing attack RFC, I have asked for some review and advice and here is a useful one already, thanks Alex :) Please keep him as CC as I do not know if he is on this list. Cheers, ...
    Pierre JoyePierre Joye
    Feb 5, 2014 at 10:20 am
    Feb 12, 2014 at 4:30 pm
  • Hi all, "Optional PHP tags by php.ini and CLI options" RFC has been discussed very long time. https://wiki.php.net/rfc/nophptags I would like to know is there anyone who would like not to have this ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 10, 2014 at 7:36 am
    Feb 15, 2014 at 12:04 am
  • hi, Unicode still remains one of the top requested features in PHP. However as Rasmus and other stated earlier, it is not a trivial job. Some of the keys point we need to take care of are: - UTF-8 ...
    Pierre JoyePierre Joye
    Feb 20, 2014 at 5:54 am
    Mar 14, 2014 at 10:12 pm
  • hi, There are a lot of additions and discussions about entropy source and (P)RNG lately. PHP already has a ini setting to define a strong entropy source for the session module, which defaults to ...
    Pierre JoyePierre Joye
    Feb 7, 2014 at 11:25 am
    Feb 15, 2014 at 12:50 pm
  • Hi all, Secure Session Module Options by Default https://wiki.php.net/rfc/secure-session-options-by-default Session is core of web security. Therefore, default should be as secure as possible by ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 1, 2014 at 10:34 pm
    May 12, 2014 at 8:14 am
  • Hi all, uniqid() is producing unique ID for the system which is good for email's message ID etc. Many users are using uniqid() as secure unique ID which is very bad thing to do for security. It may ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 2, 2014 at 4:33 am
    Feb 3, 2014 at 9:26 pm
  • Hi all, This RFC changes default session settings and introduces a new setting that disables possible timing attack against session ID. All of them help to improve general session ID security except ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 17, 2014 at 4:28 am
    Feb 24, 2014 at 2:09 pm
  • hi, I put my thoughts and summary of the recent discussions about what could be PHP 6 here: https://wiki.php.net/ideas/php6 Things like "we should name it php7" has not been covered, for one obvious ...
    Pierre JoyePierre Joye
    Feb 17, 2014 at 6:28 am
    Feb 21, 2014 at 1:13 pm
  • Hi, I just submitted a PR (https://github.com/php/php-src/pull/588) to allow utf-8 chars to be included in file names that are put into a phar file. I thought I'd ask for feedback here as it would be ...
    Dan AckroydDan Ackroyd
    Feb 13, 2014 at 9:55 pm
    Apr 25, 2014 at 8:29 am
  • Hi all, Since this RFC is declined, https://wiki.php.net/rfc/multibyte_char_handling We need another short term resolution for it at least. Any suggestions? Regards, -- Yasuo Ohgaki <span ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 24, 2014 at 9:41 am
    Mar 1, 2014 at 12:20 am
  • Hey folks, I've written up an RFC/Patch to gauge interest and get feedback on the addition of a combined comparison (aka: spaceship) operator. You can see the RFC at ...
    Davey ShafikDavey Shafik
    Feb 13, 2014 at 3:58 am
    Feb 14, 2014 at 4:10 pm
  • Voting is now open for the Improved TLS Defaults RFC and will run through Wednesday Feb. 19: https://wiki.php.net/rfc/improved-tls-defaults#vote Note that while the implementation is vote-ready at ...
    Daniel LowreyDaniel Lowrey
    Feb 11, 2014 at 8:08 pm
    Feb 20, 2014 at 8:04 pm
  • Hello internals, there has already been a lot of talk about improving secure random number generation for PHP6. One thing I'd like to improve as well, would be non-secure random number generation ...
    Rouven WeßlingRouven Weßling
    Feb 23, 2014 at 6:45 pm
    Feb 27, 2014 at 10:34 pm
  • I think an explanation of my recent posts is probably due. The bulk of my income is from council and other local authority customers who are required to jump through many often difficult to identify ...
    Lester CaineLester Caine
    Feb 8, 2014 at 11:49 am
    Feb 8, 2014 at 9:12 pm
  • Hi internals! I opened the vote on the array of RFC: https://wiki.php.net/rfc/arrayof#vote Voting will end 2014/03/07 Phil
    Philip SturgeonPhilip Sturgeon
    Feb 28, 2014 at 4:32 pm
    Mar 3, 2014 at 8:39 pm
  • Hello guys, What is the current status of the named params implementation (RFC [1])? According to RFC it's under discussion and proposed for 5.6 release. Can we really expect this feature in 5.6 ...
    Gleb GolubitskyGleb Golubitsky
    Feb 21, 2014 at 12:15 pm
    Feb 27, 2014 at 12:44 pm
  • Hello. ^^ I just wanted to ask, if there is a singleton implementation? The current one is rather „hackish“, by using a static property, initializer and a function to itneract with it all. Sadly, I ...
    Kevin IngwersenKevin Ingwersen
    Feb 5, 2014 at 10:19 am
    Feb 5, 2014 at 6:27 pm
  • Hi, I've just wanted to mention that after some discussion with Julien and considering the small number of unresolved open RFCs, we decided that the next release after alpha3(which is already tagged ...
    Ferenc KovacsFerenc Kovacs
    Feb 27, 2014 at 9:04 am
    Mar 11, 2014 at 12:58 pm
  • Hi all, Current PHP has security issue that attacker may execute arbitrarily script via encoding based attack. These 2 RFCs are for short and long term resolution for this issue. Short term ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 10, 2014 at 3:57 am
    Feb 20, 2014 at 10:55 am
  • Hi internals, To complement array_search(), I'm gauging the interest in adding the following function: mixed array_usearch(array $haystack, callable $fn, int $flags = 0) It returns the first array ...
    Tjerk MeestersTjerk Meesters
    Feb 6, 2014 at 2:38 pm
    Feb 9, 2014 at 2:02 am
  • Hi, here another idea for PHP 6 the simply means removing the datatype "resource" because and convert current resources into classes/objects as it's already done with GMP. Because resources are ...
    Marc BennewitzMarc Bennewitz
    Feb 21, 2014 at 8:07 pm
    Mar 6, 2014 at 5:29 pm
  • Hi internals! I wrote a patch to expose PCRE mark information in PHP, see https://github.com/php/php-src/pull/609/files. The last passed *MARK will be added to the $matches array under key "MARK". If ...
    Nikita PopovNikita Popov
    Feb 28, 2014 at 8:37 pm
    Mar 18, 2014 at 2:54 pm
  • So, when trying to upload the latest Xdebug release I get this *incorrect* nonsense preventing me from making a release: ERROR: The compliance between the package version in package.xml and extension ...
    Derick RethansDerick Rethans
    Feb 28, 2014 at 4:47 pm
    Feb 28, 2014 at 6:36 pm
  • Hello, We just released PHP 5.5.10 RC1 , which you can download from http://downloads.php.net/jpauli/ You can test it and report any bugs or regressions that you may notice using the bug system at ...
    Julien PauliJulien Pauli
    Feb 20, 2014 at 11:56 am
    Feb 22, 2014 at 12:15 am
  • Hey. Just a while ago, i started writing a C++ library, that I would like to utilize in PHP. Since the original aproach was made in C++, I would like to keep the OOP syntax in PHP. Already, months ...
    Kevin IngwersenKevin Ingwersen
    Feb 13, 2014 at 8:22 pm
    Feb 14, 2014 at 9:54 am
  • mcrypt_create_iv() is the cleanest access to a universal system-level primitive that supports both /dev/urandom and php_win32_get_random_bytes() under the hood. Unfortunately, it resides in ...
    Thomas HruskaThomas Hruska
    Feb 7, 2014 at 7:05 am
    Feb 7, 2014 at 9:28 pm
  • Hi all, I almost forgot to start vote for this RFC. This RFC is to introduce options to session_start(). Options are read_only, lazy_write, unsafe_lock and lazy_destroy. lazy_destroy is bug fix in ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 13, 2014 at 3:40 am
    Mar 16, 2014 at 6:12 am
  • These two files in PHP-5.6 branch actually are the same than master. I just noticed that when I wanted to write about the merge of pow operator RFC… Could someone please fix that one? Bob
    Bob WeinandBob Weinand
    Feb 6, 2014 at 8:53 am
    Feb 6, 2014 at 2:14 pm
  • Hi, as the concerns on the BC breach by zpp and macros changes are huge, we've invented the below to make the essential change only visible. This branches have zpp and macros change reverted (like #2 ...
    Anatol BelskiAnatol Belski
    Feb 1, 2014 at 12:30 pm
    Feb 5, 2014 at 11:39 pm
  • Hi all, Build OpenSSL Module by Default https://wiki.php.net/rfc/build-openssl-by-default Internal developers and application developers' life could be a lot easier if OpenSSL can be used always ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 3, 2014 at 5:16 am
    Feb 4, 2014 at 6:55 am
  • Hi, I was recently answering a question about null byte injection into PCRE and the OP claimed that a pattern such as "~.+~e\x00u" would be accepted; they were using 5.3. The commit that fixed it was ...
    Tjerk MeestersTjerk Meesters
    Feb 18, 2014 at 7:43 pm
    Feb 20, 2014 at 10:30 pm
  • Hi, Just trying to make sure before opening a bug, have someone built mysqli in 5.6.0 alpha2? Used this configure flag: --with-mysqli=shared,/usr/bin/mysql_config mysql: 5.5.35 ...
    Lior KaplanLior Kaplan
    Feb 15, 2014 at 5:01 pm
    Feb 16, 2014 at 7:08 am
  • I propose that we increase the minimum duration for an RFC to be in the voting phase from one week to something longer. The rationale is quite simple: - One week is often not enough time for me to ...
    Levi MorrisonLevi Morrison
    Feb 4, 2014 at 9:47 pm
    Feb 5, 2014 at 6:10 am
  • Hi, we have the plan to change types we use for zval data. A common place we use this in is the family of zend_parse_[method_]parameters[_ex] functions. The issue there is that those a variadic so ...
    Johannes SchlüterJohannes Schlüter
    Feb 17, 2014 at 8:42 pm
    Feb 18, 2014 at 5:59 pm
  • Hi all. On our server we infrequently get a warning when session_start() is called. The message says "The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and ...
    Christian StollerChristian Stoller
    Feb 11, 2014 at 7:31 am
    Feb 12, 2014 at 8:20 am
  • Hi, I hope I am submitting this message to the correct list. I have a blocking issue on thread safety in our PHP extension module that we have developed at Saxonica called Saxon/C, which provides ...
    O'Neil DelprattO'Neil Delpratt
    Feb 26, 2014 at 3:58 pm
    Feb 26, 2014 at 5:35 pm
  • Hey. For a long time now, I have been using nodejs and its async methods. I am even working on bridging nodejs and PHP via a native addon…but thats more complex for another thread. But, as I used ...
    Kevin IngwersenKevin Ingwersen
    Feb 25, 2014 at 4:43 pm
    Feb 25, 2014 at 7:22 pm
  • FYI, these are things I plan to work on for the post-5.6 timeframe: - Support for SNI in *servers* (currently only supported by clients) - Support for DTLS (datagram client/server encryption) - ...
    Daniel LowreyDaniel Lowrey
    Feb 12, 2014 at 1:22 pm
    Feb 21, 2014 at 9:18 pm
  • Hi all, We have number of RFC that has been declined. It's good we agree not to introduce proposal. However, it's not good we don't see the reason why. Since RFC is technical discussion, there should ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 13, 2014 at 1:58 am
    Feb 13, 2014 at 6:35 am
  • Hi Pierre, Why is uniqid() is not guarantee uniqueness under windows? https://bugs.php.net/bug.php?id=65626 It seems PHP_WIN32 and __CYGWIN__ check is obsolete. Could it be removed? Regards, -- Yasuo ...
    Yasuo OhgakiYasuo Ohgaki
    Feb 8, 2014 at 9:15 pm
    Feb 9, 2014 at 11:34 pm
  • Hi, After Bob merged the pow related changes, executing the new tests with --enable-debug I've got two memory leaks: [tyrael@Ferencs-MacBook-Pro-135 php-src.git (PHP-5.6.0 ✗)]$ cat ...
    Ferenc KovacsFerenc Kovacs
    Feb 6, 2014 at 3:40 pm
    Feb 6, 2014 at 8:34 pm
  • Hello there! I just wanted to ask what the current status for this RFC is: https://wiki.php.net/rfc/deprecated-modifier Currently, I am just browsing thru the RFCs available. Some of them have ...
    Kevin IngwersenKevin Ingwersen
    Feb 2, 2014 at 4:43 pm
    Feb 2, 2014 at 5:41 pm
  • Hi, As a simpler to implement approach to Unicode, could we perhaps support it just by adding an “is UTF-8” flag to strings internally? Then unmodified functions would just see a normal string and ...
    Andrea FauldsAndrea Faulds
    Feb 20, 2014 at 4:17 pm
    Feb 20, 2014 at 8:37 pm
  • This is embarrassing ... So I made the mistake of git pull on each branch (5.4/5/6/master) (without --rebase) before pushing a small update tonight. So when I merged each branch the merge commits ...
    Daniel LowreyDaniel Lowrey
    Feb 19, 2014 at 2:58 am
    Feb 19, 2014 at 10:34 am
Group Navigation
period‹ prev | Feb 2014 | next ›
Group Overview
groupphp-internals @

101 users for February 2014

Yasuo Ohgaki: 211 posts Pierre Joye: 83 posts Lester Caine: 68 posts Stas Malyshev: 50 posts Pádraic Brady: 31 posts Tjerk Meesters: 30 posts Crypto Compress: 27 posts Johannes Schlüter: 27 posts Sara Golemon: 27 posts Daniel Lowrey: 26 posts Ferenc Kovacs: 26 posts Rowan Collins: 25 posts Andrey Andreev: 21 posts Andrea Faulds: 20 posts Sanford Whiteman: 17 posts Nikita Popov: 14 posts Rouven Weßling: 14 posts Julien Pauli: 13 posts Chris Wright: 12 posts Anatol Belski: 11 posts
show more