Bug #63520 [Com]: JSON extension includes a problematic license statement
Edit report at https://bugs.php.net/bug.php?id=63520edit=1 ID: 63520 Comment by: ond...@php.net Reported by:kaplan at debian dot org Summary:JSON extension includes a problematic license statement Status: Assigned Type: Bug Package:JSON related PHP Version:Irrelevant Assigned To:remi Block user comment: N Private report: N New Comment: Stas: Of course it's a PHP bug. PHP don't live in a vacuum, but has thriving ecosystem of various users/packagers/distributors/distributions/etc. and they are all affected by the choice you (as PHP) make. It's not healthy to dug the head into the sand and pretend that it's not a _PHP_ bug, since it affects the users of PHP. Previous Comments: [2013-08-22 22:01:39] kap...@php.net Stas: We (PHP) provide the code, and the eco system clearly has a problem with it. We could either keep ignoring it while they provide a replacement code, or adopt it officially to make everyone happy. [2013-08-22 21:52:19] shitty at gmail dot com Not evil???... come on!!! [2013-08-21 18:47:57] s...@php.net How this is a PHP bug? [2013-07-17 15:18:33] r...@php.net @seld Mandriva/Fedora/Debian have drop json non-free extension but provides jsonc dropin alternative (php5-json 1.3.1 for debian). So, your comment is not PHP related. See debian packager to have this package installed when needed (pulled by main php package for Fedora). [2013-07-17 14:24:32] s...@php.net What's the status here Remi? Can we have a regular Debian release including the JSON ext before this hits testing/stable? We had a first issue on Composer today because someone was missing the json ext [1], using Ubuntu 13.10. If this isn't resolved soon Ubuntu's next release won't have json enabled by default and we'll have a support shitstorm on our hands, so please don't do Evil because of a dubious license statement. Given the prevalence of JSON APIs and such these days, it's not just Composer that will be affected, so removing it before having a replacement in place was really an unhelpful decision IMO. [1] https://github.com/composer/composer/issues/2092 The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=63520 -- Edit this bug report at https://bugs.php.net/bug.php?id=63520edit=1
[PHP-BUG] Bug #64561 [NEW]: gdImagePaletteToTrueColor missing from gd_compat.h
From: ondrej Operating system: Any PHP version: 5.5.0beta1 Package: GD related Bug Type: Bug Bug description:gdImagePaletteToTrueColor missing from gd_compat.h Description: php5 fails to load gd extension due to using symbol only available from bundled libgd. libgd/gd_compat.h misses the definition of gdImagePaletteToTrueColor and the function needs to be moved from gd.c to gd_color.c. (Or something like that.) And it definitely needs a test in the test suite (or you can finally take over the libgd2 and release a new version for everyone, pretty please). Expected result: # php5 # Actual result: -- # php5 PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20121212+lfs/gd.so' - /usr/lib/php5/20121212+lfs/gd.so: undefined symbol: gdImagePaletteToTrueColor in Unknown on line 0 # -- Edit bug report at https://bugs.php.net/bug.php?id=64561edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=64561r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=64561r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=64561r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=64561r=fixed Fixed in release: https://bugs.php.net/fix.php?id=64561r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=64561r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=64561r=needscript Try newer version: https://bugs.php.net/fix.php?id=64561r=oldversion Not developer issue:https://bugs.php.net/fix.php?id=64561r=support Expected behavior: https://bugs.php.net/fix.php?id=64561r=notwrong Not enough info: https://bugs.php.net/fix.php?id=64561r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=64561r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=64561r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=64561r=php4 Daylight Savings: https://bugs.php.net/fix.php?id=64561r=dst IIS Stability: https://bugs.php.net/fix.php?id=64561r=isapi Install GNU Sed:https://bugs.php.net/fix.php?id=64561r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=64561r=float No Zend Extensions: https://bugs.php.net/fix.php?id=64561r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=64561r=mysqlcfg
[PHP-BUG] Bug #64490 [NEW]: struct flock undefined on FreeBSD
From: ondrej Operating system: GNU kFreeBSD PHP version: 5.5.0beta1 Package: Compile Failure Bug Type: Bug Bug description:struct flock undefined on FreeBSD Description: Zend OpCache doesn't build on Debian GNU/kFreeBSD (amd64). Full build log: https://buildd.debian.org/status/fetch.php?pkg=php5arch=kfreebsd- amd64ver=5.5.0~beta1-1stamp=1363952343 Expected result: PHP built Actual result: -- /bin/bash /build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/cli-build/libtool --preserve-dup-deps --mode=compile x86_64- kfreebsd-gnu-gcc -Iext/opcache/ -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd- amd64-MDnVFk/php5-5.5.0~beta1/ext/opcache/ -DPHP_ATOM_INC -I/build/buildd- php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli-build/include - I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli- build/main -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1 -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/cli-build/ext/date/lib -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd- amd64-MDnVFk/php5-5.5.0~beta1/ext/date/lib -I/build/buildd-php5_5.5.0~beta1-1- kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/ext/ereg/regex -I/usr/include/libxml2 - I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/ext/mbstring/libmbfl -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd- amd64-MDnVFk/php5-5.5.0~beta1/cli-build/ext/mbstring/libmbfl -I/build/buildd- php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/ext/mbstring/libmbfl/mbfl -I/build/buildd-php5_5.5.0~beta1-1- kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli-build/ext/mbstring/libmbfl/mbfl - I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli- build/TSRM -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/cli-build/Zend -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64- MDnVFk/php5-5.5.0~beta1/main -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64- MDnVFk/php5-5.5.0~beta1/Zend -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64- MDnVFk/php5-5.5.0~beta1/TSRM -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64- MDnVFk/php5-5.5.0~beta1/cli-build/-I/usr/include -O2 -Wall -fsigned-char - fno-strict-aliasing -gstabs -fvisibility=hidden -prefer-pic -c /build/buildd- php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/ext/opcache/ZendAccelerator.c -o ext/opcache/ZendAccelerator.lo libtool: compile: x86_64-kfreebsd-gnu-gcc -Iext/opcache/ -I/build/buildd- php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/ext/opcache/ - DPHP_ATOM_INC -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/cli-build/include -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd- amd64-MDnVFk/php5-5.5.0~beta1/cli-build/main -I/build/buildd-php5_5.5.0~beta1- 1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1 -I/build/buildd-php5_5.5.0~beta1-1- kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli-build/ext/date/lib -I/build/buildd- php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/ext/date/lib - I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/ext/ereg/regex -I/usr/include/libxml2 -I/build/buildd- php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/ext/mbstring/libmbfl -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli- build/ext/mbstring/libmbfl -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64- MDnVFk/php5-5.5.0~beta1/ext/mbstring/libmbfl/mbfl -I/build/buildd- php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli- build/ext/mbstring/libmbfl/mbfl -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd- amd64-MDnVFk/php5-5.5.0~beta1/cli-build/TSRM -I/build/buildd-php5_5.5.0~beta1- 1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli-build/Zend -I/build/buildd- php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/main - I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/Zend -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/TSRM -I/build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5-5.5.0~beta1/cli- build/ -I/usr/include -O2 -Wall -fsigned-char -fno-strict-aliasing -gstabs - fvisibility=hidden -c /build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64- MDnVFk/php5-5.5.0~beta1/ext/opcache/ZendAccelerator.c -fPIC -DPIC -o ext/opcache/.libs/ZendAccelerator.o In file included from /build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64- MDnVFk/php5-5.5.0~beta1/ext/opcache/ZendAccelerator.c:27:0: /build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/ext/opcache/ZendAccelerator.h:114:4: error: #error Don't know how to define struct flock /build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/ext/opcache/ZendAccelerator.c: In function 'accel_restart_enter': /build/buildd-php5_5.5.0~beta1-1-kfreebsd-amd64-MDnVFk/php5- 5.5.0~beta1/ext/opcache/ZendAccelerator.c:453:52: error: expected ')' before numeric constant
[PHP-BUG] Bug #61557 [NEW]: Crasher (SIGSEGV) bug in tt-rss backend.php
From: ondrej Operating system: Linux i386 PHP version: 5.4.0 Package: *XML functions Bug Type: Bug Bug description:Crasher (SIGSEGV) bug in tt-rss backend.php Description: Long description can be found here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666200 The trace ends with: #0 zend_llist_add_element (l=0xbf96013c, element=0x9e961d0) at /build/buildd-php5_5.4.0-3-i386-2XGvJx/php5-5.4.0/Zend/zend_llist.c:39 Expected result: Not crash Actual result: -- http://bugs.debian.org/cgi-bin/bugreport.cgi? msg=45;filename=backtrace2;att=1;bug=666200 -- Edit bug report at https://bugs.php.net/bug.php?id=61557edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=61557r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=61557r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=61557r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=61557r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=61557r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=61557r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=61557r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=61557r=needscript Try newer version: https://bugs.php.net/fix.php?id=61557r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=61557r=support Expected behavior: https://bugs.php.net/fix.php?id=61557r=notwrong Not enough info: https://bugs.php.net/fix.php?id=61557r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=61557r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=61557r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=61557r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=61557r=dst IIS Stability: https://bugs.php.net/fix.php?id=61557r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=61557r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=61557r=float No Zend Extensions: https://bugs.php.net/fix.php?id=61557r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=61557r=mysqlcfg
[PHP-BUG] Bug #61368 [NEW]: Upstream tarball includes cruft (*.orig and autom4te.cache)
From: ondrej Operating system: Any PHP version: 5.4.0 Package: *General Issues Bug Type: Bug Bug description:Upstream tarball includes cruft (*.orig and autom4te.cache) Description: On Mon, Mar 12, 2012 at 23:32, Stas Malyshev smalys...@sugarcrm.com wrote: On Mon, Mar 12, 2012 at 23:11, Christopher Jones christopher.jo...@oracle.com wrote: The autom4te.cache and *.orig files originally mentioned are included in php.net's php-5.4.0.tar.bz2 I.e. this is a valid issue. Definitely seems to be a bug in the makedist script, since these files are not in the SVN but appear when packaging. OndÅej, please log a bug. Test script: --- ondrej@kiMac:/tmp$ md5 ~/Downloads/php-5.4.0.tar.gz MD5 (/Users/ondrej/Downloads/php-5.4.0.tar.gz) = 46b72e274c6ea7e775245ffdb81c9ce5 ondrej@kiMac:/tmp$ tar -tzvf ~/Downloads/php-5.4.0.tar.gz | grep .orig -rw-r--r-- 0 smalyshev staff 30417 29 úno 08:37 php-5.4.0/ext/standard/url_scanner_ex.c.orig -rw-r--r-- 0 smalyshev staff 27289 29 úno 08:37 php-5.4.0/ext/standard/var_unserializer.c.orig -rw-r--r-- 0 smalyshev staff 19670 29 úno 08:37 php-5.4.0/ext/pdo/pdo_sql_parser.c.orig -rw-r--r-- 0 smalyshev staff 518939 29 úno 08:37 php-5.4.0/ext/date/lib/parse_date.c.orig ondrej@kiMac:/tmp$ tar -tzvf ~/Downloads/php-5.4.0.tar.gz | grep autom4te drwxr-xr-x 0 smalyshev staff 0 29 úno 08:37 php-5.4.0/autom4te.cache/ -rw-r--r-- 0 smalyshev staff 3012815 29 úno 08:37 php-5.4.0/autom4te.cache/output.0 -rw-r--r-- 0 smalyshev staff 2855 29 úno 08:37 php-5.4.0/autom4te.cache/requests -rw-r--r-- 0 smalyshev staff 387029 29 úno 08:37 php-5.4.0/autom4te.cache/traces.0 Expected result: Neither .orig nor autom4te.cache/ directory in distribution tarball. -- Edit bug report at https://bugs.php.net/bug.php?id=61368edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=61368r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=61368r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=61368r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=61368r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=61368r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=61368r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=61368r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=61368r=needscript Try newer version: https://bugs.php.net/fix.php?id=61368r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=61368r=support Expected behavior: https://bugs.php.net/fix.php?id=61368r=notwrong Not enough info: https://bugs.php.net/fix.php?id=61368r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=61368r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=61368r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=61368r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=61368r=dst IIS Stability: https://bugs.php.net/fix.php?id=61368r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=61368r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=61368r=float No Zend Extensions: https://bugs.php.net/fix.php?id=61368r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=61368r=mysqlcfg
[PHP-BUG] Bug #61043 [NEW]: Regression in magic_quotes_gpc fix (CVE-2012-0831)
From: ondrej
Operating system:
PHP version: 5.3SVN-2012-02-10 (SVN)
Package: Variables related
Bug Type: Bug
Bug description:Regression in magic_quotes_gpc fix (CVE-2012-0831)
Description:
Description available here:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115
Basically the attached patch does replace the second location of
PG(magic_quotes_gpc) with the zend_alter_ini_entry_ex:
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex(magic_quotes_gpc,
sizeof(magic_quotes_gpc), 1, 1, ZEND_INI_SYSTEM,
ZEND_INI_STAGE_ACTIVATE, 1
TSRMLS_CC);
+ }
I could be wrong, since my knowledge of PHP internals is lim(knowledge) =
0, but
this seems to follow the logic of first change.
--
Edit bug report at https://bugs.php.net/bug.php?id=61043edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=61043r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=61043r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=61043r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=61043r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=61043r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=61043r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=61043r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=61043r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=61043r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=61043r=support
Expected behavior:
https://bugs.php.net/fix.php?id=61043r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=61043r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=61043r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=61043r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=61043r=php4
Daylight Savings:https://bugs.php.net/fix.php?id=61043r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=61043r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=61043r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=61043r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=61043r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=61043r=mysqlcfg
Bug #61043 [PATCH]: Regression in magic_quotes_gpc fix (CVE-2012-0831)
Edit report at https://bugs.php.net/bug.php?id=61043edit=1
ID: 61043
Patch added by: ond...@php.net
Reported by:ond...@php.net
Summary:Regression in magic_quotes_gpc fix (CVE-2012-0831)
Status: Open
Type: Bug
Package:Variables related
PHP Version:5.3SVN-2012-02-10 (SVN)
Block user comment: N
Private report: N
New Comment:
The following patch has been added/updated:
Patch Name: magic_quotes_gpc-regression
Revision: 1328877857
URL:
https://bugs.php.net/patch-display.php?bug=61043patch=magic_quotes_gpc-regressionrevision=1328877857
Previous Comments:
[2012-02-10 12:43:45] ond...@php.net
Description:
Description available here:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115
Basically the attached patch does replace the second location of
PG(magic_quotes_gpc) with the zend_alter_ini_entry_ex:
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex(magic_quotes_gpc,
sizeof(magic_quotes_gpc), 1, 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1
TSRMLS_CC);
+ }
I could be wrong, since my knowledge of PHP internals is lim(knowledge) = 0,
but
this seems to follow the logic of first change.
--
Edit this bug report at https://bugs.php.net/bug.php?id=61043edit=1
Bug #61043 [Com]: Regression in magic_quotes_gpc fix (CVE-2012-0831)
Edit report at https://bugs.php.net/bug.php?id=61043edit=1
ID: 61043
Comment by: ond...@php.net
Reported by:ond...@php.net
Summary:Regression in magic_quotes_gpc fix (CVE-2012-0831)
Status: Open
Type: Bug
Package:Variables related
PHP Version:5.3SVN-2012-02-10 (SVN)
Block user comment: N
Private report: N
New Comment:
I can confirm that the attached patch fixes the reported problem:
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -
r 'var_dump(ini_get(magic_quotes_gpc));'
string(1) 1
root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini
magic_quotes_gpc = On
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -
r 'var_dump(ini_get(magic_quotes_gpc));'
string(1) 1
root@howl:/tmp# emacs php.ini
root@howl:/tmp# grep ^magic_quotes_gpc /tmp/php.ini
magic_quotes_gpc = Off
root@howl:/tmp# /tmp/buildd/php5-5.3.3/cgi-build/sapi/cli/php -c /tmp/php.ini -
r 'var_dump(ini_get(magic_quotes_gpc));'
string(0)
Previous Comments:
[2012-02-10 12:44:17] ond...@php.net
The following patch has been added/updated:
Patch Name: magic_quotes_gpc-regression
Revision: 1328877857
URL:
https://bugs.php.net/patch-display.php?bug=61043patch=magic_quotes_gpc-regressionrevision=1328877857
[2012-02-10 12:43:45] ond...@php.net
Description:
Description available here:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/930115
Basically the attached patch does replace the second location of
PG(magic_quotes_gpc) with the zend_alter_ini_entry_ex:
- PG(magic_quotes_gpc) = magic_quotes_gpc;
+
+ if (magic_quotes_gpc) {
+ zend_alter_ini_entry_ex(magic_quotes_gpc,
sizeof(magic_quotes_gpc), 1, 1, ZEND_INI_SYSTEM, ZEND_INI_STAGE_ACTIVATE, 1
TSRMLS_CC);
+ }
I could be wrong, since my knowledge of PHP internals is lim(knowledge) = 0,
but
this seems to follow the logic of first change.
--
Edit this bug report at https://bugs.php.net/bug.php?id=61043edit=1
Bug #61020 [Opn]: Security risk from find usage recommendation
Edit report at https://bugs.php.net/bug.php?id=61020edit=1
ID: 61020
User updated by:ond...@php.net
Reported by:ond...@php.net
Summary:Security risk from find usage recommendation
Status: Open
Type: Bug
Package:*Configuration Issues
PHP Version:5.4.0RC7
Block user comment: N
Private report: N
New Comment:
Quick dirty would be to recommend using find using -delete and recommending
to
install GNU find on platforms where -delete is not supported.
e.g replace current line with:
; find /path/to/sessions -mindepth 1 -maxdepth 1 -cmin +24 -delete
;
; If your find does not support -delete option, we recommend installing
; and using GNU find which does support this option.
'fuser -s' can be replaced by 'fuser /dev/null', but it is not really needed,
but it's very convenient for long sessions (like editing page in mediawiki).
Anyway workaround exists here - just increase gc_maxlifetime.
Previous Comments:
[2012-02-09 09:43:03] chortos at inbox dot lv
find on OS X does support -execdir.
[2012-02-09 01:13:40] ahar...@php.net
One problem with all of the options here is that they're a fair way from POSIX
compliant -- fuser on OS X doesn't support -s, for instance, nor does find
support -execdir. Solaris find doesn't even support -delete or -print0.
Obviously this is less of an issue in Debian. :)
Given the (pretty severe) restrictions if we want to cover all of the non-
Windows platforms PHP runs on, do we even want to recommend a one-liner in
php.ini? Maybe it would be better to come up with a short, portable shell
script
and include it in the session reference in the manual and link to that.
[2012-02-09 00:41:43] ond...@php.net
s/most error-prone/least error-prone/
[2012-02-09 00:31:44] ond...@php.net
And if you cannot use find with -delete or -execdir at least do:
find /path/to/sessions -mindepth 1 -maxdepth 1 -cmin +24 -execdir rm {} \;
[2012-02-09 00:29:10] ond...@php.net
Description:
; NOTE: If you are using the subdirectory option for storing session files
[...]
; find /path/to/sessions -cmin +24 | xargs rm
because it is prone to '\n' attack. You can see the security
considerations of GNU find.
Much better would be:
find /path/to/sessions -cmin +24 -delete
or at least
find /path/to/sessions -cmin +24 -execdir rm {} \; (GNU find)
The most error-prone way is something we cooked up in Debian:
find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f
-ignore_readdir_race -cmin +24 ! -execdir fuser -s {} 2/dev/null \;
-delete
which depends on fuser at least version 22.15 (which has removed
fork() call which was able to swamp up whole system with zombies).
The fuser call checks if the session file is still in use, because the
script was deleting still active sessions opened 24+ mins ago.
Test script:
---
Race condition for -exec rm {} \;:
while true; do
mkdir /var/lib/php5/blah
touch /var/lib/php5/blah/passwd
rmdir /var/lib/php5/blah
ln -s /etc /var/lib/php5/blah
done
xargs attack:
ondrej@howl:/tmp/php_sess$ touch bar
ondrej@howl:/tmp/php_sess$ touch -t 20120101 $(echo -e 'foo\nbar')
ondrej@howl:/tmp/php_sess$ ls -l
total 0
-rw-r--r-- 1 ondrej ondrej 0 Feb 9 01:26 bar
-rw-r--r-- 1 ondrej ondrej 0 Jan 1 00:00 foo?bar
ondrej@howl:/tmp/php_sess$ find /tmp/php_sess -mmin +24
/tmp/php_sess/foo?bar
ondrej@howl:/tmp/php_sess$ find /tmp/php_sess -mmin +24 | xargs rm
rm: cannot remove `/tmp/php_sess/foo': No such file or directory
ondrej@howl:/tmp/php_sess$ ls -l
total 0
-rw-r--r-- 1 ondrej ondrej 0 Jan 1 00:00 foo?bar
--
Edit this bug report at https://bugs.php.net/bug.php?id=61020edit=1
[PHP-BUG] Req #61031 [NEW]: Need E_COMPILE_DEPRECATED error
From: ondrej
Operating system: Irrelevant
PHP version: 5.3.10
Package: Output Control
Bug Type: Feature/Change Request
Bug description:Need E_COMPILE_DEPRECATED error
Description:
Hi,
it's probably non-issue for 5.4, but in 5.3.x the Call-time
pass-by-reference has
been deprecated is declared as E_DEPRECATED while in fact is is evaluated
at
compile time and thus more correct would be E_COMPILE_DEPRECATED error.
See the: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647641
O.
Test script:
---
?php
function i_am_bad_bad_girl($robyn) { return; };
error_reporting(E_ALL);
i_am_bad_bad_girl($ted);
?
Expected result:
Depends on the settings of your php.ini, but prints error as E_DEPRECATED
(which
is marked as run-time error setting.
Actual result:
--
Depends on the settings of your php.ini and prints error as
E_COMPILE_DEPRECATED.
--
Edit bug report at https://bugs.php.net/bug.php?id=61031edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=61031r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=61031r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=61031r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=61031r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=61031r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=61031r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=61031r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=61031r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=61031r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=61031r=support
Expected behavior:
https://bugs.php.net/fix.php?id=61031r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=61031r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=61031r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=61031r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=61031r=php4
Daylight Savings:https://bugs.php.net/fix.php?id=61031r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=61031r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=61031r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=61031r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=61031r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=61031r=mysqlcfg
[PHP-BUG] Bug #61020 [NEW]: Security risk from find usage recommendation
From: ondrej
Operating system:
PHP version: 5.4.0RC7
Package: *Configuration Issues
Bug Type: Bug
Bug description:Security risk from find usage recommendation
Description:
; NOTE: If you are using the subdirectory option for storing session files
[...]
; find /path/to/sessions -cmin +24 | xargs rm
because it is prone to '\n' attack. You can see the security
considerations of GNU find.
Much better would be:
find /path/to/sessions -cmin +24 -delete
or at least
find /path/to/sessions -cmin +24 -execdir rm {} \; (GNU find)
The most error-prone way is something we cooked up in Debian:
find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f
-ignore_readdir_race -cmin +24 ! -execdir fuser -s {} 2/dev/null \;
-delete
which depends on fuser at least version 22.15 (which has removed
fork() call which was able to swamp up whole system with zombies).
The fuser call checks if the session file is still in use, because the
script was deleting still active sessions opened 24+ mins ago.
Test script:
---
Race condition for -exec rm {} \;:
while true; do
mkdir /var/lib/php5/blah
touch /var/lib/php5/blah/passwd
rmdir /var/lib/php5/blah
ln -s /etc /var/lib/php5/blah
done
xargs attack:
ondrej@howl:/tmp/php_sess$ touch bar
ondrej@howl:/tmp/php_sess$ touch -t 20120101 $(echo -e 'foo\nbar')
ondrej@howl:/tmp/php_sess$ ls -l
total 0
-rw-r--r-- 1 ondrej ondrej 0 Feb 9 01:26 bar
-rw-r--r-- 1 ondrej ondrej 0 Jan 1 00:00 foo?bar
ondrej@howl:/tmp/php_sess$ find /tmp/php_sess -mmin +24
/tmp/php_sess/foo?bar
ondrej@howl:/tmp/php_sess$ find /tmp/php_sess -mmin +24 | xargs rm
rm: cannot remove `/tmp/php_sess/foo': No such file or directory
ondrej@howl:/tmp/php_sess$ ls -l
total 0
-rw-r--r-- 1 ondrej ondrej 0 Jan 1 00:00 foo?bar
--
Edit bug report at https://bugs.php.net/bug.php?id=61020edit=1
--
Try a snapshot (PHP 5.4):
https://bugs.php.net/fix.php?id=61020r=trysnapshot54
Try a snapshot (PHP 5.3):
https://bugs.php.net/fix.php?id=61020r=trysnapshot53
Try a snapshot (trunk):
https://bugs.php.net/fix.php?id=61020r=trysnapshottrunk
Fixed in SVN:
https://bugs.php.net/fix.php?id=61020r=fixed
Fixed in SVN and need be documented:
https://bugs.php.net/fix.php?id=61020r=needdocs
Fixed in release:
https://bugs.php.net/fix.php?id=61020r=alreadyfixed
Need backtrace:
https://bugs.php.net/fix.php?id=61020r=needtrace
Need Reproduce Script:
https://bugs.php.net/fix.php?id=61020r=needscript
Try newer version:
https://bugs.php.net/fix.php?id=61020r=oldversion
Not developer issue:
https://bugs.php.net/fix.php?id=61020r=support
Expected behavior:
https://bugs.php.net/fix.php?id=61020r=notwrong
Not enough info:
https://bugs.php.net/fix.php?id=61020r=notenoughinfo
Submitted twice:
https://bugs.php.net/fix.php?id=61020r=submittedtwice
register_globals:
https://bugs.php.net/fix.php?id=61020r=globals
PHP 4 support discontinued:
https://bugs.php.net/fix.php?id=61020r=php4
Daylight Savings:https://bugs.php.net/fix.php?id=61020r=dst
IIS Stability:
https://bugs.php.net/fix.php?id=61020r=isapi
Install GNU Sed:
https://bugs.php.net/fix.php?id=61020r=gnused
Floating point limitations:
https://bugs.php.net/fix.php?id=61020r=float
No Zend Extensions:
https://bugs.php.net/fix.php?id=61020r=nozend
MySQL Configuration Error:
https://bugs.php.net/fix.php?id=61020r=mysqlcfg
Bug #61020 [Opn]: Security risk from find usage recommendation
Edit report at https://bugs.php.net/bug.php?id=61020edit=1
ID: 61020
User updated by:ond...@php.net
Reported by:ond...@php.net
Summary:Security risk from find usage recommendation
Status: Open
Type: Bug
Package:*Configuration Issues
PHP Version:5.4.0RC7
Block user comment: N
Private report: N
New Comment:
And if you cannot use find with -delete or -execdir at least do:
find /path/to/sessions -mindepth 1 -maxdepth 1 -cmin +24 -execdir rm {} \;
Previous Comments:
[2012-02-09 00:29:10] ond...@php.net
Description:
; NOTE: If you are using the subdirectory option for storing session files
[...]
; find /path/to/sessions -cmin +24 | xargs rm
because it is prone to '\n' attack. You can see the security
considerations of GNU find.
Much better would be:
find /path/to/sessions -cmin +24 -delete
or at least
find /path/to/sessions -cmin +24 -execdir rm {} \; (GNU find)
The most error-prone way is something we cooked up in Debian:
find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f
-ignore_readdir_race -cmin +24 ! -execdir fuser -s {} 2/dev/null \;
-delete
which depends on fuser at least version 22.15 (which has removed
fork() call which was able to swamp up whole system with zombies).
The fuser call checks if the session file is still in use, because the
script was deleting still active sessions opened 24+ mins ago.
Test script:
---
Race condition for -exec rm {} \;:
while true; do
mkdir /var/lib/php5/blah
touch /var/lib/php5/blah/passwd
rmdir /var/lib/php5/blah
ln -s /etc /var/lib/php5/blah
done
xargs attack:
ondrej@howl:/tmp/php_sess$ touch bar
ondrej@howl:/tmp/php_sess$ touch -t 20120101 $(echo -e 'foo\nbar')
ondrej@howl:/tmp/php_sess$ ls -l
total 0
-rw-r--r-- 1 ondrej ondrej 0 Feb 9 01:26 bar
-rw-r--r-- 1 ondrej ondrej 0 Jan 1 00:00 foo?bar
ondrej@howl:/tmp/php_sess$ find /tmp/php_sess -mmin +24
/tmp/php_sess/foo?bar
ondrej@howl:/tmp/php_sess$ find /tmp/php_sess -mmin +24 | xargs rm
rm: cannot remove `/tmp/php_sess/foo': No such file or directory
ondrej@howl:/tmp/php_sess$ ls -l
total 0
-rw-r--r-- 1 ondrej ondrej 0 Jan 1 00:00 foo?bar
--
Edit this bug report at https://bugs.php.net/bug.php?id=61020edit=1
Bug #61020 [Opn]: Security risk from find usage recommendation
Edit report at https://bugs.php.net/bug.php?id=61020edit=1
ID: 61020
User updated by:ond...@php.net
Reported by:ond...@php.net
Summary:Security risk from find usage recommendation
Status: Open
Type: Bug
Package:*Configuration Issues
PHP Version:5.4.0RC7
Block user comment: N
Private report: N
New Comment:
s/most error-prone/least error-prone/
Previous Comments:
[2012-02-09 00:31:44] ond...@php.net
And if you cannot use find with -delete or -execdir at least do:
find /path/to/sessions -mindepth 1 -maxdepth 1 -cmin +24 -execdir rm {} \;
[2012-02-09 00:29:10] ond...@php.net
Description:
; NOTE: If you are using the subdirectory option for storing session files
[...]
; find /path/to/sessions -cmin +24 | xargs rm
because it is prone to '\n' attack. You can see the security
considerations of GNU find.
Much better would be:
find /path/to/sessions -cmin +24 -delete
or at least
find /path/to/sessions -cmin +24 -execdir rm {} \; (GNU find)
The most error-prone way is something we cooked up in Debian:
find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f
-ignore_readdir_race -cmin +24 ! -execdir fuser -s {} 2/dev/null \;
-delete
which depends on fuser at least version 22.15 (which has removed
fork() call which was able to swamp up whole system with zombies).
The fuser call checks if the session file is still in use, because the
script was deleting still active sessions opened 24+ mins ago.
Test script:
---
Race condition for -exec rm {} \;:
while true; do
mkdir /var/lib/php5/blah
touch /var/lib/php5/blah/passwd
rmdir /var/lib/php5/blah
ln -s /etc /var/lib/php5/blah
done
xargs attack:
ondrej@howl:/tmp/php_sess$ touch bar
ondrej@howl:/tmp/php_sess$ touch -t 20120101 $(echo -e 'foo\nbar')
ondrej@howl:/tmp/php_sess$ ls -l
total 0
-rw-r--r-- 1 ondrej ondrej 0 Feb 9 01:26 bar
-rw-r--r-- 1 ondrej ondrej 0 Jan 1 00:00 foo?bar
ondrej@howl:/tmp/php_sess$ find /tmp/php_sess -mmin +24
/tmp/php_sess/foo?bar
ondrej@howl:/tmp/php_sess$ find /tmp/php_sess -mmin +24 | xargs rm
rm: cannot remove `/tmp/php_sess/foo': No such file or directory
ondrej@howl:/tmp/php_sess$ ls -l
total 0
-rw-r--r-- 1 ondrej ondrej 0 Jan 1 00:00 foo?bar
--
Edit this bug report at https://bugs.php.net/bug.php?id=61020edit=1
[PHP-BUG] Bug #60948 [NEW]: mysqlnd FTBFS when -Wformat-security is enabled
From: ondrej Operating system: Any PHP version: 5.4.0RC6 Package: MySQL related Bug Type: Bug Bug description:mysqlnd FTBFS when -Wformat-security is enabled Description: $ svn diff Index: ext/mysqlnd/mysqlnd_wireprotocol.c === --- ext/mysqlnd/mysqlnd_wireprotocol.c (revision 322993) +++ ext/mysqlnd/mysqlnd_wireprotocol.c (working copy) @@ -500,7 +500,7 @@ const char * const msg = Authentication data too long. Won't fit into the buffer and will be truncated. Authentication will thus fail; SET_CLIENT_ERROR(*conn-error_info, CR_UNKNOWN_ERROR, UNKNOWN_SQLSTATE, msg); - php_error_docref(NULL TSRMLS_CC, E_WARNING, msg); + php_error_docref(NULL TSRMLS_CC, E_WARNING, %s, msg); DBG_RETURN(0); } -- Edit bug report at https://bugs.php.net/bug.php?id=60948edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=60948r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=60948r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=60948r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=60948r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=60948r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=60948r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=60948r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=60948r=needscript Try newer version: https://bugs.php.net/fix.php?id=60948r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=60948r=support Expected behavior: https://bugs.php.net/fix.php?id=60948r=notwrong Not enough info: https://bugs.php.net/fix.php?id=60948r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=60948r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=60948r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=60948r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=60948r=dst IIS Stability: https://bugs.php.net/fix.php?id=60948r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=60948r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=60948r=float No Zend Extensions: https://bugs.php.net/fix.php?id=60948r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=60948r=mysqlcfg
[PHP-BUG] Bug #60108 [NEW]: GD cannot be compiled with system libgd
From: ondrej Operating system: Linux PHP version: 5.4.0beta2 Package: GD related Bug Type: Bug Bug description:GD cannot be compiled with system libgd Description: When compiled with system-wide (not embedded) libgd library the compilation fails with: In file included from /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd.c:103:0: /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c: In function '_php_image_stream_putc': /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c:51:41: error: 'struct gdIOCtx' has no member named 'data' /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c: In function '_php_image_stream_putbuf': /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c:58:41: error: 'struct gdIOCtx' has no member named 'data' /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c: In function '_php_image_stream_ctxfree': /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c:67:8: error: 'struct gdIOCtx' has no member named 'data' /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c:68:3: error: 'struct gdIOCtx' has no member named 'data' /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c:69:6: error: 'struct gdIOCtx' has no member named 'data' In file included from /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd.c:103:0: /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c: In function '_php_image_output_ctx': /tmp/buildd/php5-5.4.0~beta2/ext/gd/gd_ctx.c:153:6: error: 'gdIOCtx' has no member named 'data' You need to wrap the _stream_ stuff inside the #ifdef HAVE_GD_BUNDLED -- Edit bug report at https://bugs.php.net/bug.php?id=60108edit=1 -- Try a snapshot (PHP 5.4): https://bugs.php.net/fix.php?id=60108r=trysnapshot54 Try a snapshot (PHP 5.3): https://bugs.php.net/fix.php?id=60108r=trysnapshot53 Try a snapshot (trunk): https://bugs.php.net/fix.php?id=60108r=trysnapshottrunk Fixed in SVN: https://bugs.php.net/fix.php?id=60108r=fixed Fixed in SVN and need be documented: https://bugs.php.net/fix.php?id=60108r=needdocs Fixed in release: https://bugs.php.net/fix.php?id=60108r=alreadyfixed Need backtrace: https://bugs.php.net/fix.php?id=60108r=needtrace Need Reproduce Script: https://bugs.php.net/fix.php?id=60108r=needscript Try newer version: https://bugs.php.net/fix.php?id=60108r=oldversion Not developer issue: https://bugs.php.net/fix.php?id=60108r=support Expected behavior: https://bugs.php.net/fix.php?id=60108r=notwrong Not enough info: https://bugs.php.net/fix.php?id=60108r=notenoughinfo Submitted twice: https://bugs.php.net/fix.php?id=60108r=submittedtwice register_globals: https://bugs.php.net/fix.php?id=60108r=globals PHP 4 support discontinued: https://bugs.php.net/fix.php?id=60108r=php4 Daylight Savings:https://bugs.php.net/fix.php?id=60108r=dst IIS Stability: https://bugs.php.net/fix.php?id=60108r=isapi Install GNU Sed: https://bugs.php.net/fix.php?id=60108r=gnused Floating point limitations: https://bugs.php.net/fix.php?id=60108r=float No Zend Extensions: https://bugs.php.net/fix.php?id=60108r=nozend MySQL Configuration Error: https://bugs.php.net/fix.php?id=60108r=mysqlcfg
Bug #51192 [Com]: FILTER_VALIDATE_URL will invalidate a hostname that includes '-'
Edit report at http://bugs.php.net/bug.php?id=51192edit=1 ID: 51192 Comment by: ond...@php.net Reported by:solar at azrael dot ws Summary:FILTER_VALIDATE_URL will invalidate a hostname that includes '-' Status: Closed Type: Bug Package:Filter related Operating System: linux PHP Version:5.2.13 Assigned To:aharvey Block user comment: N New Comment: Please be aware that IDN (PunyCode) url can contain two consecutive hyphens, ie. xn--hkyrky-ptac70bc.cz is OK as well. Previous Comments: [2010-04-07 02:43:39] ahar...@php.net The fix for this hasn't been incorporated into any stable releases yet: it came after 5.2.13 was released and 5.3.2 was branched (and far too late in 5.3.2's release cycle to be ported across). Both versions 5.2.14 and 5.3.3 will include this bug fix. [2010-04-06 22:04:34] lupo at e-noise dot com I am experiencing the same behavior with PHP 5.3.2 on Mac OSX. When hostname contains hyphens filter_var() won't validate using the FILTER_VALIDATE_URL filter. The test code posted by solar at azrael dot ws produces the following output: string(18) http://example.com; bool(false) string(19) http://exa_mple.com; [2010-03-03 10:26:58] ahar...@php.net This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. [2010-03-03 10:25:52] ahar...@php.net Automatic comment from SVN on behalf of aharvey Revision: http://svn.php.net/viewvc/?view=revisionamp;revision=295773 Log: Fix for bug #51192 (FILTER_VALIDATE_URL will invalidate a hostname that includes '-'). Original patch by so...@azrael.ws. [2010-03-03 09:50:24] ahar...@php.net Yeah, that doesn't quite look right. :) Cheers for the patch; I'll cook up a test script to go with it and commit it. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/bug.php?id=51192 -- Edit this bug report at http://bugs.php.net/bug.php?id=51192edit=1
