Stanislav,

On 25 February 2015 at 23:26, Stanislav Malyshev <smalys...@gmail.com> wrote:
> else I can say, provided that what I already said - including
> demonstrating trivial workarounds that allow one to circumvent this
> feature with extreme ease - had no effect.

You keep bringing that up. I keep having to correct you that the RFC
does not target your specific example (it's a simple file extension
filter). Then you bring it up again, continuing to ignore the
examples provided where it could assist in preventing the whole JPEG
EXIF mess in the wild.

Nobody is ignoring your example of an unvalidated PHAR upload. It has
been responded to more than once. The RFC will not prevent this,
because it was never designed to prevent it. It's not even on its
radar screen to meddle with PHARs.

>> Is there some sort of meter on Internals where, in the red, there is
>> an obligation to fill it back up with FUD, logical fallacies and the
>> occasional fib?
>
> I also would really like for you to stop accusing me of lying. I may be
> mistaken, and I am sure I have been many times, but everything I write
> here is a product of careful consideration and thought, and aimed at
> making PHP better. The next instance you do this, I'm not going to
> reply, I'm just going to delete all following communications from you,
> from that point, forever. I can handle very spirited technical
> disagreement, I'm not new on the internet, but I do not see what use
> it would be for me to spend my time on being insulted. There are a lot
> of more productive uses of my time. If there's no mutual respect here,
> then the chance of productive cooperation is nil. I hope we can hold
> respectful discussion, even when disagreeing. But if not, then I won't
> participate in any other kind.

I am more than happy to cooperate and discuss any topic. However, this
goes both ways. If you insist on repeating the same point, after it
has been addressed, over and over again, then cooperation is going to
suffer. Yasuo has demonstrated that the change will prevent a specific
vulnerability in the wild. I would ask you to consider that example,
and then raise any concern you wish as it pertains to that relevant
example which captures the purpose of this RFC very neatly. To say
that there is no benefit is simply not true.

Paddy

--
Pádraic Brady

http://blog.astrumfutura.com
http://www.survivethedeepend.com

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php