Zeev Suraski wrote:
> I think their work is a good step that PHP needed for a while.  I also 
> think it's an ongoing project, and not a one-time pass.
> 
> Looking at the patch, the vast majority of changes made don't actually 
> fix bugs, but rather, implement the same code using 'defensive' 
> techniques.  E.g., use strlcpy() instead of strcpy(), even when strcpy() 
> is safe;  Or, use sizeof(foo) instead of a hardcoded number as an 
> argument to snprintf(), in case the size of foo changes in the future.
> 
> The only comment I have (after this short glance) is that I'd rather see 
> sizeof(foo) instead of 'sizeof foo' (we don't need yet another style in 
> our code base :), but otherwise, I think most of the patches should make 
> it into the main tree.

That's what I thought, too.

I'm also surprised by the fact that there are so many magic numbers
in php source ;)

--
Yasuo Ohgaki


> 
> Zeev
> 
> At 14:22 14/03/2002, Andrew Sitnikov wrote:
> 
>> Hello php-dev,
>>
>>   What do you think about this:
>>   http://phpaudit.42-networks.com/
>>
>>
>>   Big size of patch does not bring pleasure
>>
>> Best regards,
>>  Andrew Sitnikov
>>  e-mail : [EMAIL PROTECTED]
>>  GSM: (+372) 56491109
>>
>>
>> -- 
>> PHP Development Mailing List <http://www.php.net/>
>> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
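
The two defensive habits discussed in the thread (a bounded copy in place of strcpy(), and sizeof(foo) in place of a hardcoded length passed to snprintf()), shown as an added example that is not code from the audit patch or from the PHP source. The struct layouts and the names bounded_copy, set_method and set_status are hypothetical; bounded_copy is a stand-in with strlcpy() semantics, because not every libc ships strlcpy().

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with strlcpy() semantics: copies at most
 * dstsize-1 bytes, always NUL-terminates when dstsize > 0, and returns
 * strlen(src) so the caller can detect truncation. */
static size_t bounded_copy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

struct request {
    char method[8];  /* resize this and the call below still matches */
    char canary[8];  /* neighbour an unbounded strcpy() would overwrite */
};

struct response { char status[16]; };

/* Returns 0 on success, -1 if the method name had to be truncated. */
static int set_method(struct request *r, const char *method)
{
    /* sizeof(r->method) tracks the declaration; a literal 8 would not. */
    size_t need = bounded_copy(r->method, method, sizeof(r->method));
    return need >= sizeof(r->method) ? -1 : 0;
}

/* Returns 0 on success, -1 on truncation or an output error. */
static int set_status(struct response *r, int code, const char *text)
{
    int n = snprintf(r->status, sizeof(r->status), "%d %s", code, text);
    return (n < 0 || (size_t)n >= sizeof(r->status)) ? -1 : 0;
}

int main(void)
{
    struct request r = { "", "CANARY" };
    int rc = set_method(&r, "PROPPATCH");  /* 9 chars: does not fit */
    printf("rc=%d method=%s canary=%s\n", rc, r.method, r.canary);
    return 0;
}
```

Both helpers report truncation instead of silently accepting a shortened value, which is the part a plain strcpy()-to-strlcpy() substitution does not give on its own.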
