I think their work is a good step that PHP needed for a while.  I also 
think it's an ongoing project, and not a one-time pass.

Looking at the patch, the vast majority of changes made don't actually fix 
bugs, but rather implement the same code using 'defensive' 
techniques.  E.g., use strlcpy() instead of strcpy(), even when strcpy() is 
safe; or use sizeof(foo) instead of a hardcoded number as an argument to 
snprintf(), in case the size of foo changes in the future.

The only comment I have (after this short glance) is that I'd rather see 
sizeof(foo) instead of 'sizeof foo' (we don't need yet another style in our 
code base :), but otherwise, I think most of the patches should make it 
into the main tree.

Zeev

At 14:22 14/03/2002, Andrew Sitnikov wrote:
>Hello php-dev,
>
>   What do you think about this:
>   http://phpaudit.42-networks.com/
>
>
>   The big size of the patch does not bring pleasure
>
>Best regards,
>  Andrew Sitnikov
>  e-mail : [EMAIL PROTECTED]
>  GSM: (+372) 56491109
>
>
>--
>PHP Development Mailing List <http://www.php.net/>
>To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
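
The two defensive habits named in the reply above (a bounded copy where strcpy() happens to be safe today, and sizeof(foo) rather than a hardcoded size passed to snprintf()), as an added C example that is not part of the original thread or of the audit patch. `NAME_LEN`, `struct entry`, `bounded_copy`, `set_name` and `format_name` are hypothetical names; `bounded_copy` is a stand-in with strlcpy() semantics, since strlcpy() is not available in every libc.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8  /* constructed size; imagine it was 16 when callers were written */

struct entry { char name[NAME_LEN]; int is_admin; };  /* hypothetical record */

/* Stand-in with strlcpy() semantics: copy at most size-1 bytes, always
 * NUL-terminate, return strlen(src) so the caller can detect truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t len = strlen(src);
    if (size != 0) {
        size_t n = len < size - 1 ? len : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return len;
}

/* Defensive copy: even if every caller passes a short string today, the
 * bound holds when one later does not. Returns 0, or -1 on truncation. */
int set_name(struct entry *e, const char *src)
{
    return bounded_copy(e->name, src, sizeof(e->name)) < sizeof(e->name) ? 0 : -1;
}

/* sizeof(e->name) follows NAME_LEN automatically; a literal 16 here would
 * have become an overflow into is_admin when the array shrank to 8.
 * Only valid because name is an array; sizeof on a char * gives pointer size. */
int format_name(struct entry *e, const char *prefix, int id)
{
    int n = snprintf(e->name, sizeof(e->name), "%s-%d", prefix, id);
    return (n >= 0 && (size_t)n < sizeof(e->name)) ? 0 : -1;
}

int main(void)
{
    struct entry e = { "", 0 };
    printf("%d %s\n", set_name(&e, "zeev"), e.name);               /* fits */
    printf("%d %s\n", set_name(&e, "a-very-long-name"), e.name);   /* truncated */
    printf("%d %s\n", format_name(&e, "u", 42), e.name);           /* fits */
    printf("%d %s\n", format_name(&e, "username", 1234), e.name);  /* truncated */
    printf("is_admin=%d\n", e.is_admin);                           /* untouched */
    return 0;
}
```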
