Maybe this one? http://www.php-security.org/2010/05/03/mops-2010-006-php-addcslashes-interruption-information-leak-vulnerability/index.html
Tyrael

On Wed, May 5, 2010 at 1:26 PM, Mark Skilbeck <markskilb...@gmail.com> wrote:

> What exploits are there for __toString()? Just wondering.
>
> On 05/05/2010 07:50, Dmitry Stogov wrote:
>
>> Hi Moriyoshi,
>>
>> I took just a quick look through the patch, but for me it looks like a
>> bad idea. Introducing new magic function may bring a lot of troubles and
>> open a new door for exploit writer (we already have problems with
>> __toString() method). Also I am afraid this magic method will make php
>> slower even if scripts don't use this feature (at least the patch
>> disables code specialization for ZEND_INIT_METHOD_CALL) and make some
>> future type propagation optimizations non-applicable. At last the patch
>> introduces 18 new grammar conflicts and I think it's not acceptable.
>>
>> Thanks. Dmitry.
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php