Re: [PHP-DEV] exec + safemode

[Stefan Esser]

Hi,

It is not off topic. Its an annoying bug and I asked around if I oversee
something
if i change php_escape_shell_cmd to ignore stuff between quotes.
(off course checking for escaped quotes within the quotes)

Stefan


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] CVS fails to build

[Sebastian Bergmann]

  Linux, Apache 2 SAPI:

ext/mysql/php_mysql.lo: In function `zif_mysql_create_db':
/usr/src/php4/ext/mysql/php_mysql.c:942: undefined reference to
`mysql_create_db'
ext/mysql/php_mysql.lo: In function `zif_mysql_drop_db':
/usr/src/php4/ext/mysql/php_mysql.c:981: undefined reference to
`mysql_drop_db'
collect2: ld returned 1 exit status
make: *** [sapi/cli/php] Error 1

-- 
  Sebastian Bergmann
  http://sebastian-bergmann.de/ http://phpOpenTracker.de/

  Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Current CVS on Linux fails to build

[Sebastian Bergmann]

  Linux, Apache 2 SAPI:

ext/mysql/php_mysql.lo: In function `zif_mysql_create_db':
/usr/src/php4/ext/mysql/php_mysql.c:942: undefined reference to
`mysql_create_db'
ext/mysql/php_mysql.lo: In function `zif_mysql_drop_db':
/usr/src/php4/ext/mysql/php_mysql.c:981: undefined reference to
`mysql_drop_db'
collect2: ld returned 1 exit status
make: *** [sapi/cli/php] Error 1

-- 
  Sebastian Bergmann
  http://sebastian-bergmann.de/ http://phpOpenTracker.de/

  Did I help you? Consider a gift: http://wishlist.sebastian-bergmann.de/

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] CVS Account Request: sukamade

[Adi Setiawan]

Translating the documentation to Indonesian langunages

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: FW: [PHP-DEV] OCIError patch

[Markus Fischer]

Of course the offset is fine. But if I were you, I wouldn't
put the asterisk into the sql statement; just provide the
offset. _This_ is the greatest flexibility you can provide
because all the information is passed unmodified to the
developer.

Serious environments need custom error handlers anyway.
Putting HTML inside or modifying error messages this way is
a bad thing [tm]. Just provide the raw components and
everyone else can decide how he presents the data to the end
user (that's the idea behind).

And, for the patch, can you please make a unified diff
against altest CVS ?

- Markus

On Tue, Mar 12, 2002 at 03:19:27PM -0800, Walter A. Boring IV wrote : 
> I like the idea of having the sqltext in the return array, as well as
> the offset.  This is a very usefull tool for debugging oracle sql
> queries.  I believe its something that OCIError has been lacking.
> Anyone that uses Oracle along with sqlplus, you get the * under the 
> broken portion of the query. I find it very usefull.  
>   If there is a general rule of not putting html inside return values
> for php internal functions, thats fine.  But I still want an easy way of
> showing this type of info, without having to create my own wrapper
> function call to OCIError, just so I can highlight the broken portion of
> the query.
> 
> my $0.02
> Walt
> 
> On Tue, 2002-03-12 at 15:08, Daniel Ceregatti wrote:
> > Yes. An example of what would be in the array returned by OCIError would be:
> > 
> > // Given the code below...
> > 
> > $conn = OCILogon (bla bla bla);
> > 
> > $sql = "select t.foo, t.bar from table t where t.id = 1";
> > 
> > $stmt = OCIParse ($conn, $sql);
> > 
> > OCIExecute ($stmt, OCI_DEFAULT);
> > 
> > $error = OCIError ($stmt);
> > 
> > // What follows are the values of the elements of the array returned by 
> > OCIError (presuming "bar" is an invalid column it the table):
> > 
> > $error["code"] = 904
> > $error["message"] = "ORA-00904: invalid column name"
> > $error["sqltext"] = "select t.foo, t.*bar from table t where t.id = 1"
> > $error["offset"] = 16
> > 
> > The PHP user then has the option of using either the "sqltext" element 
> > directly, or using the "offset" element and the $sql variable to create 
> > any output they see fit. I think this allows for the greatest 
> > felxibility, IMHO.
> > 
> > Daniel
> > 
> > Markus Fischer wrote:
> > 
> > >On Tue, Mar 12, 2002 at 02:26:24PM -0800, Daniel Ceregatti wrote : 
> > >
> > >>How about doing what sqlplus does and simply add an asterisk at that 
> > >>point? I'm ok with rolling my own inside of the script by using the 
> > >>offset element. I simply think it'll do PHP users a service to have the 
> > >>"sqltext" in the array in _some_ form, even if only with an asterisk.
> > >>
> > >
> > >Asterisk at what point? Specified by offset?
> > >
> > 

-- 
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Linking pthread in a module

[Brian Foddy]

Related to my previous note, I remembered another question I've
pondered.

If you noticed in my last note, the link statement included -lpthread

(I've tried without it, it won't link without pthread).

Which implies to me that the Tuxedo libraries I'm bringing in, are themselves
multi-threaded; even tho the whole of PHP is not (assume I'm doing
a standard Apache 1.3 module build).

Does anyone have any thoughts on this?  Raise any red flags, etc?
Assume Solaris or Linux, systems that obviously support the 
threading libraries in some fashion.

Brian



-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Config.m4 help

[Brian Foddy]

I'm finally trying to tackle an improvement in the config.m4 for my tuxedo module.
Previously, I've just hacked my way from other config.m4 scripts until it did what I
wanted.  But now I need it to get fancy.

The problem comes because the raw Tuxedo libraries and the linking required
to use them seems to vary with each Tux version.  However, they provide
a utility they expect people to use to link a client program (buildclient) which
has a verbose option that prints the details of its compile/link command.
(I can't just use it solely because it assumes its to build a executable program,
not a dynamic library).

So if I can get the config.m4 script to execute a sequence like:

buildclient -v -w -f simple_sample.c

The first line it outputs would look like:
cc -I $TUXDIR/include -o a.out -L{$TUXDIR}/lib simple_sample.c -lwsc -lbuft -lwsc 
-lgpnet -lfml -lfml32 -lengine -ldl -lpthread /usr/lib/libcrypt.a
(plus some other lines)...

But this output will vary with at least 2 or 3 different versions of Tuxedo, hence
I can't just hardcode the m4 file.

I need to capture all the -l lines, and take those to create my 
PHP_ADD_LIBRARY and TUXEDO_LIBS lines for the config.m4.  
This is how, given the Tuxedo version provided, I should link a program.
>From there, the rest of the buldconf process will take over just fine.

My experience with m4, very little.  My knowledge of exactly what those m4 macros
like PHP_ADD_LIBRARY do ...  very little also.

Does anyone have any ideas or places I can start to work this out?

Much appreciated.
Brian



-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] New Build system niggles

[Wez Furlong]

Hi all,

I've noticed a couple of minor issues with the build system; perhaps
a build guru (Sascha!) could take a look...

sapi/cli/php seems to have a broken dependency; if I touch
ext/standard/aggregate.c, the object is built but the executable is
not re-linked.

"make test" will run, but something odd seems to have happened;
tests that need to include files will not succeed because something
related to include_path and sapi/cgi/php seems broken.
Manually running the php script (not via run-tests.php) using
sapi/cli/php appears to work a little bit better.

If this is a known issue, OK, otherwise, let me know and I can provide
some more info.

--Wez.

[PHP-DEV] Re: Session Oddness

[Yasuo Ohgaki]

Yeah. I know.

This is one of the issue I'm going to discuss with Sascha.
It's not important for me compare to other issues, so this
will be the last one.

Anyway, may be we should go back to the original behavior
for now.

-- 
Yasuo Ohgaki
[EMAIL PROTECTED]

Matt Allen wrote:
> Guys,
> 
> Somebody hsa done something screwy with sessions, ther WEREN'T defining SID
> when a cookie wasnt set. heres a diff:
> 
> --- php4-200203120300/ext/session/session.c Wed Mar 13 02:51:51 2002
> +++ tmp/php4-200203120300/ext/session/session.c Sat Mar  9 11:33:29 2002
> @@ -940,14 +940,7 @@
> smart_str_0(&var);
> REGISTER_STRING_CONSTANT("SID", var.c, 0);
> } else {
> -smart_str var = {0};
> -
> -smart_str_appends(&var, PS(session_name));
> -smart_str_appendc(&var, '=');
> -smart_str_appends(&var, PS(id));
> -smart_str_0(&var);
> -REGISTER_STRING_CONSTANT("SID", var.c, 0);
> -   /* REGISTER_STRING_CONSTANT("SID", empty_string, 0); */
> +   REGISTER_STRING_CONSTANT("SID", empty_string, 0);
> }
> 
> PS(session_status) = php_session_active;
> 
> it had me scratchin my head for a while
> 
> Matt
> 


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Session Oddness

[Matt Allen]

Guys,

Somebody hsa done something screwy with sessions, ther WEREN'T defining SID
when a cookie wasnt set. heres a diff:

--- php4-200203120300/ext/session/session.c Wed Mar 13 02:51:51 2002
+++ tmp/php4-200203120300/ext/session/session.c Sat Mar  9 11:33:29 2002
@@ -940,14 +940,7 @@
smart_str_0(&var);
REGISTER_STRING_CONSTANT("SID", var.c, 0);
} else {
-smart_str var = {0};
-
-smart_str_appends(&var, PS(session_name));
-smart_str_appendc(&var, '=');
-smart_str_appends(&var, PS(id));
-smart_str_0(&var);
-REGISTER_STRING_CONSTANT("SID", var.c, 0);
-   /* REGISTER_STRING_CONSTANT("SID", empty_string, 0); */
+   REGISTER_STRING_CONSTANT("SID", empty_string, 0);
}

PS(session_status) = php_session_active;

it had me scratchin my head for a while

Matt


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] the dl() issue

[Yasuo Ohgaki]

Marko Karppinen wrote:
> Zeev and Stas:
> 
> 
>>That sounds like a pretty good idea, actually :)
>>
>>>Might the solution be in the form of some 'auto-load extension folder'?
>>>I.e., folder in which all extensions found there are loaded automatically?
>>
> 
> Yes, this seems to be a near-perfect solution to me. Great!
> 

+1

-- 
Yasuo Ohgaki
[EMAIL PROTECTED]


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: mbstring module

[Yasuo Ohgaki]

Brad Lafountain wrote:
>  $str = "Hello World";
> echo mb_strlen($str) . "\n";
> echo mb_strlen(mb_convert_encoding($str, "BASE64"), "BASE64");
> ?>
> 
> the code above prints out
> 11
> 16
> 
> 
> ... is this correct??? If so why does it work this way.

Yes. This is correct. "BASE64" is not a valid _character_ encoding
name and mb_strlen() treats it as default char encoding which will
probably count a byte as a one char.



11
Hello World
16
SGVsbG8gV29ybGQ=

-- 
Yasuo Ohgaki
[EMAIL PROTECTED]


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] buildconf for 4.1.2 breaks Solaris 8

[Jon Parise]

On Tue, Mar 12, 2002 at 06:33:34PM -0500, J Smith wrote:

> This is the first time I've tried installing on Solaris, so maybe I'm way 
> off, but anyways...
> 
> Here's how things look:
> 
> # ./buildconf
> rebuilding configure
> configure.in:124: warning: AC_PROG_LEX invoked multiple times
> rebuilding main/php_config.h.in
> 
> # ./configure [any combination of configure arguments, it breaks regardless 
> of what I use]
> .
> .
> .
> .
> ./configure: syntax error at line 3399: `fi' unexpected
> # 
 
What version of autoconf are you using?  You may need to step
back to autoconf-2.13.

-- 
Jon Parise ([EMAIL PROTECTED])  .  Information Technology (2001)
http://www.csh.rit.edu/~jon/  :  Computer Science House Member

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] read_uploaded_file();

[Andrew Sitnikov]

Hello php-dev,

  I created function `read_uploaded_file()`, i think it is useful at
  to work with uploaded file in safe_mode and open_basedir, because if
  i need only file content and safe_mode=on or open_basedir is set, i
  can not read file, i must move it, read and delete then.

Best regards,
 Andrew Sitnikov 
 e-mail : [EMAIL PROTECTED]
 GSM: (+372) 56491109


read_uploaded_file.diff
Description: Binary data

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Is credits_ext.h still being updated?

[Jason Greene]

I added myself to the Sockets Extension a few months ago, and it has
never propagated.

-Jason



-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] buildconf for 4.1.2 breaks Solaris 8

[J Smith]

This is the first time I've tried installing on Solaris, so maybe I'm way 
off, but anyways...

Here's how things look:

# ./buildconf
rebuilding configure
configure.in:124: warning: AC_PROG_LEX invoked multiple times
rebuilding main/php_config.h.in

# ./configure [any combination of configure arguments, it breaks regardless 
of what I use]
.
.
.
.
./configure: syntax error at line 3399: `fi' unexpected
# 


I could just have something screwy installed, or maybe I'm not doing this 
right. (I've done dozens of installs on Linux and win32 systems, this is my 
first Solaris install, so it might be me.)

Solutions? Suggestions>

J

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] fopen with https support ?

[Wez Furlong]

Andrey,

I have a patch waiting to commit against the current CVS; I've
been holding off while waiting for the branch for the next release
and now I'm waiting for the new build system to settle down a little.

Since the patch touches most corners of PHP, it will need a bit
of "testing in"; I think it will be quite stable - I'm anticipating
a few small problems where older code hasn't been ported to the new
system.

So, don't expect it in 4.2, but most likely 4.3 (or whatever we come
up with after 4.2).

I'll see about committing this thing to CVS ASAP so that you can
at least evaluate it.

--Wez.

On 09/03/02, "Andrey Hristov" <[EMAIL PROTECTED]> wrote:
> support planned that will work much like fopen("ssl://host") or
> fopen("https://host";). However, it might not be there until PHP 4.1 (although 
> I'd like to get it into
> PHP 4.0.7, time permitting). 
> --Wez.
> 
> However these examples are not working. The patch from [EMAIL PROTECTED] is not 
> implemented(4.1.2). Is the support in the ex-head 4.2.0?
> 
> Background: I use XMLRPC-EPI-PHP extension and Apache with mod_ssl. I've 
> added all type of ssl support the the libphp4.so but the utils.php from the 
> XMLRPC-EPI-PHP crashes - no function fsockopen_ssl(). After googling I found 
> the post I put above.



-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] HEADS UP! Streams are coming

[Wez Furlong]

Hi all,

I've decided to drop the old ISSOCK style code from my streams-enabled
PHP tree, since supporting both that and streams in the code makes the
code worse than it was originally (and the point is to make the code nicer).

But! What about third-party extensions?  Are there any out there that
use le_fopen and ISSOCK ?  Do we care about breaking them source-code wise
for the next-next release of PHP (4.3 or perhaps it will be 5 by then?).

I aim to commit this stuff by the weekend - if anyone has objections
or whatever, please let me know before then.

I don't anticipate problems with the patch, but then I can't test extensions
that I can't compile/support, so I would appreciate some feedback.

--Wez.

Re: FW: [PHP-DEV] OCIError patch

[Walter A. Boring IV]

I like the idea of having the sqltext in the return array, as well as
the offset.  This is a very usefull tool for debugging oracle sql
queries.  I believe its something that OCIError has been lacking.
Anyone that uses Oracle along with sqlplus, you get the * under the 
broken portion of the query. I find it very usefull.  
  If there is a general rule of not putting html inside return values
for php internal functions, thats fine.  But I still want an easy way of
showing this type of info, without having to create my own wrapper
function call to OCIError, just so I can highlight the broken portion of
the query.

my $0.02
Walt

On Tue, 2002-03-12 at 15:08, Daniel Ceregatti wrote:
> Yes. An example of what would be in the array returned by OCIError would be:
> 
> // Given the code below...
> 
> $conn = OCILogon (bla bla bla);
> 
> $sql = "select t.foo, t.bar from table t where t.id = 1";
> 
> $stmt = OCIParse ($conn, $sql);
> 
> OCIExecute ($stmt, OCI_DEFAULT);
> 
> $error = OCIError ($stmt);
> 
> // What follows are the values of the elements of the array returned by 
> OCIError (presuming "bar" is an invalid column it the table):
> 
> $error["code"] = 904
> $error["message"] = "ORA-00904: invalid column name"
> $error["sqltext"] = "select t.foo, t.*bar from table t where t.id = 1"
> $error["offset"] = 16
> 
> The PHP user then has the option of using either the "sqltext" element 
> directly, or using the "offset" element and the $sql variable to create 
> any output they see fit. I think this allows for the greatest 
> felxibility, IMHO.
> 
> Daniel
> 
> Markus Fischer wrote:
> 
> >On Tue, Mar 12, 2002 at 02:26:24PM -0800, Daniel Ceregatti wrote : 
> >
> >>How about doing what sqlplus does and simply add an asterisk at that 
> >>point? I'm ok with rolling my own inside of the script by using the 
> >>offset element. I simply think it'll do PHP users a service to have the 
> >>"sqltext" in the array in _some_ form, even if only with an asterisk.
> >>
> >
> >Asterisk at what point? Specified by offset?
> >
> 


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: FW: [PHP-DEV] OCIError patch

[Daniel Ceregatti]

Yes. An example of what would be in the array returned by OCIError would
be:

// Given the code below...

$conn = OCILogon (bla bla bla);

$sql = "select t.foo, t.bar from table t where t.id = 1";

$stmt = OCIParse ($conn, $sql);

OCIExecute ($stmt, OCI_DEFAULT);

$error = OCIError ($stmt);

// What follows are the values of the elements of the array returned by OCIError
(presuming "bar" is an invalid column it the table):

$error["code"] = 904
 $error["message"] = "ORA-00904: invalid column name"
$error["sqltext"] = "select t.foo, t.*bar from table t where t.id = 1"
$error["offset"] = 16

The PHP user then has the option of using either the "sqltext" element directly,
or using the "offset" element and the $sql variable to create any output
they see fit. I think this allows for the greatest felxibility, IMHO.

Daniel

Markus Fischer wrote:

  On Tue, Mar 12, 2002 at 02:26:24PM -0800, Daniel Ceregatti wrote : 
  
How about doing what sqlplus does and simply add an asterisk at that point? I'm ok with rolling my own inside of the script by using the offset element. I simply think it'll do PHP users a service to have the "sqltext" in the array in _some_ form, even if only with an asterisk.
  
  Asterisk at what point? Specified by offset?

Re: FW: [PHP-DEV] OCIError patch

[Markus Fischer]

On Tue, Mar 12, 2002 at 02:26:24PM -0800, Daniel Ceregatti wrote : 
> How about doing what sqlplus does and simply add an asterisk at that 
> point? I'm ok with rolling my own inside of the script by using the 
> offset element. I simply think it'll do PHP users a service to have the 
> "sqltext" in the array in _some_ form, even if only with an asterisk.

Asterisk at what point? Specified by offset?

-- 
Please always Cc to me when replying to me on the lists.
GnuPG Key: http://guru.josefine.at/~mfischer/C2272BD0.asc

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: FW: [PHP-DEV] OCIError patch

[Daniel Ceregatti]

How about doing what sqlplus does and simply add an asterisk at that point? 
I'm ok with rolling my own inside of the script by using the offset element. 
I simply think it'll do PHP users a service to have the "sqltext" in the array
in _some_ form, even if only with an asterisk.
 
 Your thoughts?
 
 Daniel
 
 Markus Fischer wrote:
 
   
  I'm -indefinite until the html gets out of it. There are noerror messages which do html on their own (if so, they arebogus and need to be fixed). Command line does not use.. anymore (has been fixed).On Tue, Mar 12, 2002 at 02:02:30PM -0800, Daniel Ceregatti wrote : 
   
   
Hi,Andi, thanks for the feedback. I've changed the patch to include emallocand efree.I actually use PHP from the command line a lot and I've noticed thatwarnings always get wrapped in , so I figured it was ok to do HTMLhere too.I've modified the patch to also include an "offset" element in the arrayreturned by OCIError. This will allow someone to "roll their own" methodfor displaying the error.I've decided to leave the code that produces "sqltext" in, because Ihave a feeling the lazy programmers (i.e. ME) will be happy with thatinstead.New patch attached.Daniel
 
   
  -Original Message-From: Andi Gutmans [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 12, 2002 13:08To: Walter A. Boring IV; [EMAIL PROTECTED]Subject: Re: [PHP-DEV] OCIError patchHey,I'm not quite sure it's correct for the error message to print HTMLitself. It's probably more correct to do this from user land.In any case, you should not be using malloc()/free() butemalloc()/efree(). If the request gets interrupted the memory will be freed if you're usingemalloc().AndiAt 12:59 12/03/2002 -0800, Walter A. Boring IV wrote:
   
   
Ahh.  very kewl patch Dan.WaltOn Tue, 2002-03-12 at 12:48, Daniel Ceregatti wrote:
 
   
  Hi,I wrote a small patch to oci8.c's OCIError function which places thefollowing tag:just before an error in a sql statement and adds the modified
 
   
   
  statement
   
   
   
  text into a new element called "sqltext" to the array returned byOCIError, much the same way sqlplus adds an asterisk under an error.I find this very useful, and I'm hoping you will too. I've attached
 
   
   
  the
   
   
   
  patch.Thanks,Daniel Ceregatti--- php-4.1.2/ext/oci8/oci8.c.origTue Mar 12 11:56:17 2002+++ php-4.1.2/ext/oci8/oci8.c Tue Mar 12 12:23:35 2002@@ -4090,10 +4090,13 @@zval **arg;oci_statement *statement;oci_connection *connection;-text errbuf[512];-sb4 errcode = 0;+ text errbuf[512];+ sb4 errcode = 0;sword error = 0;dvoid *errh = NULL;+ ub2 errorofs = 0;+ text *sqltext;+ char *retsql;if (zend_get_parameters_ex(1, &arg) == SUCCESS) {statement = (oci_statement *) zend_fetch_resource(arg 
 
 
TSRMLS_CC, -1, NULL, NULL, 1, le_stmt);
 
   
  @@ -4130,10 +4133,33 @@(ub4) sizeof(errbuf),(ub4) OCI_HTYPE_ERROR));+ CALL_OCI_RETURN(statement->error, OCIAttrGet(+ (dvoid *)statement->pStmt,+ OCI_HTYPE_STMT,+ (text *) &sqltext,+ (ub4 *)0,+ OCI_ATTR_STATEMENT,+ statement->pError));++ CALL_OCI_RETURN(statement->error, OCIAttrGet(+ (dvoid *)statement->pStmt,+ OCI_HTYPE_STMT,+ (ub2 *)&errorofs,+ (ub4 *)0,+ OCI_ATTR_PARSE_ERROR_OFFSET,+ statement->pError));+if (errcode) {+ retsql = (char 

*) malloc (strlen (sqltext) + 100);+ memset (retsql, 0, strlen (sqltext) + 100);+ strncat (retsql, sqltext, (int) errorofs);+ strcat (retsql, "
 
 
font-weight:bold\">");
 
   
  + strcat (retsql, (char *) sqltext + (int) errorofs);array_init(return_value);add_assoc_long(return_value, "code", errcode);+ add_assoc_string(return_value, "sqltext", (char *) 
 
 
retsql, 1);
 
   
  add_assoc_string(return_value, "message", (char*)
 
   
   
  errbuf, 1);
   
   
   
  + free (retsql);} else {RETURN_FALSE;}--PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
 
 
--PHP Development Mailing List To unsubscribe, visit: http://www.php.net/uns

Re: FW: [PHP-DEV] OCIError patch

[Markus Fischer]

I'm -indefinite until the html gets out of it. There are no
error messages which do html on their own (if so, they are
bogus and need to be fixed). Command line does not use
.. anymore (has been fixed).

On Tue, Mar 12, 2002 at 02:02:30PM -0800, Daniel Ceregatti wrote : 
> Hi,
> 
> Andi, thanks for the feedback. I've changed the patch to include emalloc
> and efree.
> 
> I actually use PHP from the command line a lot and I've noticed that
> warnings always get wrapped in , so I figured it was ok to do HTML
> here too.
> 
> I've modified the patch to also include an "offset" element in the array
> returned by OCIError. This will allow someone to "roll their own" method
> for displaying the error.
> 
> I've decided to leave the code that produces "sqltext" in, because I
> have a feeling the lazy programmers (i.e. ME) will be happy with that
> instead.
> 
> New patch attached.
> 
> Daniel
> 
> >
> >-Original Message-
> >From: Andi Gutmans [mailto:[EMAIL PROTECTED]] 
> >Sent: Tuesday, March 12, 2002 13:08
> >To: Walter A. Boring IV; [EMAIL PROTECTED]
> >Subject: Re: [PHP-DEV] OCIError patch
> >
> >Hey,
> >
> >I'm not quite sure it's correct for the error message to print HTML
> >itself. 
> >It's probably more correct to do this from user land.
> >In any case, you should not be using malloc()/free() but
> >emalloc()/efree(). 
> >If the request gets interrupted the memory will be freed if you're using
> >
> >emalloc().
> >
> >Andi
> >
> >At 12:59 12/03/2002 -0800, Walter A. Boring IV wrote:
> >
> >>Ahh.  very kewl patch Dan.
> >>
> >>Walt
> >>
> >>On Tue, 2002-03-12 at 12:48, Daniel Ceregatti wrote:
> >>
> >>>Hi,
> >>>
> >>>I wrote a small patch to oci8.c's OCIError function which places the
> >>>following tag:
> >>>
> >>>
> >>>
> >>>just before an error in a sql statement and adds the modified
> >>>
> >statement
> >
> >>>text into a new element called "sqltext" to the array returned by
> >>>OCIError, much the same way sqlplus adds an asterisk under an error.
> >>>
> >>>I find this very useful, and I'm hoping you will too. I've attached
> >>>
> >the
> >
> >>>patch.
> >>>
> >>>Thanks,
> >>>
> >>>Daniel Ceregatti
> >>>
> >>>
> >>>--- php-4.1.2/ext/oci8/oci8.c.origTue Mar 12 11:56:17 2002
> >>>+++ php-4.1.2/ext/oci8/oci8.c Tue Mar 12 12:23:35 2002
> >>>@@ -4090,10 +4090,13 @@
> >>> zval **arg;
> >>> oci_statement *statement;
> >>> oci_connection *connection;
> >>>-text errbuf[512];
> >>>-sb4 errcode = 0;
> >>>+ text errbuf[512];
> >>>+ sb4 errcode = 0;
> >>> sword error = 0;
> >>> dvoid *errh = NULL;
> >>>+ ub2 errorofs = 0;
> >>>+ text *sqltext;
> >>>+ char *retsql;
> >>>
> >>> if (zend_get_parameters_ex(1, &arg) == SUCCESS) {
> >>> statement = (oci_statement *) zend_fetch_resource(arg 
> >>>
> >>TSRMLS_CC, -1, NULL, NULL, 1, le_stmt);
> >>
> >>>@@ -4130,10 +4133,33 @@
> >>> (ub4) sizeof(errbuf),
> >>> (ub4) OCI_HTYPE_ERROR));
> >>>
> >>>+ CALL_OCI_RETURN(statement->error, OCIAttrGet(
> >>>+ (dvoid *)statement->pStmt,
> >>>+ OCI_HTYPE_STMT,
> >>>+ (text *) &sqltext,
> >>>+ (ub4 *)0,
> >>>+ OCI_ATTR_STATEMENT,
> >>>+ statement->pError));
> >>>+
> >>>+ CALL_OCI_RETURN(statement->error, OCIAttrGet(
> >>>+ (dvoid *)statement->pStmt,
> >>>+ OCI_HTYPE_STMT,
> >>>+ (ub2 *)&errorofs,
> >>>+ (ub4 *)0,
> >>>+ OCI_ATTR_PARSE_ERROR_OFFSET,
> >>>+ statement->pError));
> >>>+
> >>> if (errcode) {
> >>>+ retsql = (char *) malloc (strlen (sqltext) + 100);
> >>>+ memset (retsql, 0, strlen (sqltext) + 100);
> >>>+ strncat (retsql, sqltext, (int) errorofs);
> >>>+ strcat (retsql, " >>>
> >>font-weight:bold\">");
> >>
> >>>+ strcat (retsql, (char *) sqltext + (int) errorofs);
> >>> array_init(return_value);
> >>> add_assoc_long(return_value, "code", errcode);
> >>>+ add_assoc_string(return_value, "sqltext", (char *) 
> >>>
> >>retsql, 1);
> >>
> >>> add_assoc_string(return_value, "message", (char*)
> >>>
> >errbuf, 1);
> >
> >>>+ free (retsql);
> >>> } else {
> >>> RETURN_FALSE;
> >>> }
> >>>
> >>>
> >>>
> >>>--
> >>>PHP Development Mailing List 
> >>>To unsubscribe, visit: http://www.php.net/unsub.php
> >>>
> >>
> >>--
> >>PHP Development Mailing List 
> >>To unsubscribe, visit: http://www.php.net/unsub.php
> >>
> >
> >
> >
> 
> -- 
> 
> Daniel Ceregatti - Programmer
> Omnis Networks, LLC
> 
> Q:What's a WASP's idea of open-mindedness?
> A: 

Re: FW: [PHP-DEV] OCIError patch

[Daniel Ceregatti]

Hi,

Andi, thanks for the feedback. I've changed the patch to include emalloc
and efree.

I actually use PHP from the command line a lot and I've noticed that
warnings always get wrapped in , so I figured it was ok to do HTML
here too.

I've modified the patch to also include an "offset" element in the array
returned by OCIError. This will allow someone to "roll their own" method
for displaying the error.

I've decided to leave the code that produces "sqltext" in, because I
have a feeling the lazy programmers (i.e. ME) will be happy with that
instead.

New patch attached.

Daniel

>
>-Original Message-
>From: Andi Gutmans [mailto:[EMAIL PROTECTED]] 
>Sent: Tuesday, March 12, 2002 13:08
>To: Walter A. Boring IV; [EMAIL PROTECTED]
>Subject: Re: [PHP-DEV] OCIError patch
>
>Hey,
>
>I'm not quite sure it's correct for the error message to print HTML
>itself. 
>It's probably more correct to do this from user land.
>In any case, you should not be using malloc()/free() but
>emalloc()/efree(). 
>If the request gets interrupted the memory will be freed if you're using
>
>emalloc().
>
>Andi
>
>At 12:59 12/03/2002 -0800, Walter A. Boring IV wrote:
>
>>Ahh.  very kewl patch Dan.
>>
>>Walt
>>
>>On Tue, 2002-03-12 at 12:48, Daniel Ceregatti wrote:
>>
>>>Hi,
>>>
>>>I wrote a small patch to oci8.c's OCIError function which places the
>>>following tag:
>>>
>>>
>>>
>>>just before an error in a sql statement and adds the modified
>>>
>statement
>
>>>text into a new element called "sqltext" to the array returned by
>>>OCIError, much the same way sqlplus adds an asterisk under an error.
>>>
>>>I find this very useful, and I'm hoping you will too. I've attached
>>>
>the
>
>>>patch.
>>>
>>>Thanks,
>>>
>>>Daniel Ceregatti
>>>
>>>
>>>--- php-4.1.2/ext/oci8/oci8.c.origTue Mar 12 11:56:17 2002
>>>+++ php-4.1.2/ext/oci8/oci8.c Tue Mar 12 12:23:35 2002
>>>@@ -4090,10 +4090,13 @@
>>>  zval **arg;
>>>  oci_statement *statement;
>>>  oci_connection *connection;
>>>-text errbuf[512];
>>>-sb4 errcode = 0;
>>>+ text errbuf[512];
>>>+ sb4 errcode = 0;
>>>  sword error = 0;
>>>  dvoid *errh = NULL;
>>>+ ub2 errorofs = 0;
>>>+ text *sqltext;
>>>+ char *retsql;
>>>
>>>  if (zend_get_parameters_ex(1, &arg) == SUCCESS) {
>>>  statement = (oci_statement *) zend_fetch_resource(arg 
>>>
>>TSRMLS_CC, -1, NULL, NULL, 1, le_stmt);
>>
>>>@@ -4130,10 +4133,33 @@
>>>  (ub4) sizeof(errbuf),
>>>  (ub4) OCI_HTYPE_ERROR));
>>>
>>>+ CALL_OCI_RETURN(statement->error, OCIAttrGet(
>>>+ (dvoid *)statement->pStmt,
>>>+ OCI_HTYPE_STMT,
>>>+ (text *) &sqltext,
>>>+ (ub4 *)0,
>>>+ OCI_ATTR_STATEMENT,
>>>+ statement->pError));
>>>+
>>>+ CALL_OCI_RETURN(statement->error, OCIAttrGet(
>>>+ (dvoid *)statement->pStmt,
>>>+ OCI_HTYPE_STMT,
>>>+ (ub2 *)&errorofs,
>>>+ (ub4 *)0,
>>>+ OCI_ATTR_PARSE_ERROR_OFFSET,
>>>+ statement->pError));
>>>+
>>>  if (errcode) {
>>>+ retsql = (char *) malloc (strlen (sqltext) + 100);
>>>+ memset (retsql, 0, strlen (sqltext) + 100);
>>>+ strncat (retsql, sqltext, (int) errorofs);
>>>+ strcat (retsql, ">>
>>font-weight:bold\">");
>>
>>>+ strcat (retsql, (char *) sqltext + (int) errorofs);
>>>  array_init(return_value);
>>>  add_assoc_long(return_value, "code", errcode);
>>>+ add_assoc_string(return_value, "sqltext", (char *) 
>>>
>>retsql, 1);
>>
>>>  add_assoc_string(return_value, "message", (char*)
>>>
>errbuf, 1);
>
>>>+ free (retsql);
>>>  } else {
>>>  RETURN_FALSE;
>>>  }
>>>
>>>
>>>
>>>--
>>>PHP Development Mailing List 
>>>To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>>
>>--
>>PHP Development Mailing List 
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
>
>

-- 

Daniel Ceregatti - Programmer
Omnis Networks, LLC

Q:  What's a WASP's idea of open-mindedness?
A:  Dating a Canadian.




--- php-4.1.2/ext/oci8/oci8.c.orig  Tue Mar 12 11:56:17 2002
+++ php-4.1.2/ext/oci8/oci8.c   Tue Mar 12 13:49:07 2002
@@ -4090,10 +4090,13 @@
zval **arg;
oci_statement *statement;
oci_connection *connection;
-text errbuf[512];
-sb4 errcode = 0;
+   text errbuf[512];
+   sb4 errcode = 0;
sword error = 0;
dvoid *errh = NULL;
+   ub2 errorofs = 0;
+   text *sqltext;
+   char *retsql;
 
if (zend_get_parameters_ex(1, &arg) == SUCCESS) {
statement = (oci_statement *) ze

Re: [PHP-DEV] OCIError patch

[Andi Gutmans]

Hey,

I'm not quite sure it's correct for the error message to print HTML itself. 
It's probably more correct to do this from user land.
In any case, you should not be using malloc()/free() but emalloc()/efree(). 
If the request gets interrupted the memory will be freed if you're using 
emalloc().

Andi

At 12:59 12/03/2002 -0800, Walter A. Boring IV wrote:
>Ahh.  very kewl patch Dan.
>
>Walt
>
>On Tue, 2002-03-12 at 12:48, Daniel Ceregatti wrote:
> > Hi,
> >
> > I wrote a small patch to oci8.c's OCIError function which places the
> > following tag:
> >
> > 
> >
> > just before an error in a sql statement and adds the modified statement
> > text into a new element called "sqltext" to the array returned by
> > OCIError, much the same way sqlplus adds an asterisk under an error.
> >
> > I find this very useful, and I'm hoping you will too. I've attached the
> > patch.
> >
> > Thanks,
> >
> > Daniel Ceregatti
> > 
> >
>
> > --- php-4.1.2/ext/oci8/oci8.c.origTue Mar 12 11:56:17 2002
> > +++ php-4.1.2/ext/oci8/oci8.c Tue Mar 12 12:23:35 2002
> > @@ -4090,10 +4090,13 @@
> >   zval **arg;
> >   oci_statement *statement;
> >   oci_connection *connection;
> > -text errbuf[512];
> > -sb4 errcode = 0;
> > + text errbuf[512];
> > + sb4 errcode = 0;
> >   sword error = 0;
> >   dvoid *errh = NULL;
> > + ub2 errorofs = 0;
> > + text *sqltext;
> > + char *retsql;
> >
> >   if (zend_get_parameters_ex(1, &arg) == SUCCESS) {
> >   statement = (oci_statement *) zend_fetch_resource(arg 
> TSRMLS_CC, -1, NULL, NULL, 1, le_stmt);
> > @@ -4130,10 +4133,33 @@
> >   (ub4) sizeof(errbuf),
> >   (ub4) OCI_HTYPE_ERROR));
> >
> > + CALL_OCI_RETURN(statement->error, OCIAttrGet(
> > + (dvoid *)statement->pStmt,
> > + OCI_HTYPE_STMT,
> > + (text *) &sqltext,
> > + (ub4 *)0,
> > + OCI_ATTR_STATEMENT,
> > + statement->pError));
> > +
> > + CALL_OCI_RETURN(statement->error, OCIAttrGet(
> > + (dvoid *)statement->pStmt,
> > + OCI_HTYPE_STMT,
> > + (ub2 *)&errorofs,
> > + (ub4 *)0,
> > + OCI_ATTR_PARSE_ERROR_OFFSET,
> > + statement->pError));
> > +
> >   if (errcode) {
> > + retsql = (char *) malloc (strlen (sqltext) + 100);
> > + memset (retsql, 0, strlen (sqltext) + 100);
> > + strncat (retsql, sqltext, (int) errorofs);
> > + strcat (retsql, " font-weight:bold\">");
> > + strcat (retsql, (char *) sqltext + (int) errorofs);
> >   array_init(return_value);
> >   add_assoc_long(return_value, "code", errcode);
> > + add_assoc_string(return_value, "sqltext", (char *) 
> retsql, 1);
> >   add_assoc_string(return_value, "message", (char*) errbuf, 1);
> > + free (retsql);
> >   } else {
> >   RETURN_FALSE;
> >   }
> >
> > 
> >
>
> > --
> > PHP Development Mailing List 
> > To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>--
>PHP Development Mailing List 
>To unsubscribe, visit: http://www.php.net/unsub.php



-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] exec + safemode

[Lars Torben Wilson]

On Tue, 2002-03-12 at 07:30, Stefan Esser wrote:
> Morning, (maybe i am just blind...)
> 
> I doubt this can be counted as support question *grin*
> 
> Has anyone of you ever tried to exec a command while in safe_mode?
> 
> exec ("blub"); works fine, but it seems impossible to give a param
> to blub that has spaces in it.
> 
> 
> Stefan

Well, it is sorta off-topic for this list, but hey. :)

It's in the bug database: http://bugs.php.net/bug.php?id=15157

Essentially: we know about it, but haven't gotten around to
documenting it. If someone would like to fix it, that would 
probably be the best solution. 


-- 
 Torben Wilson <[EMAIL PROTECTED]>
 http://www.thebuttlesschaps.com
 http://www.hybrid17.com
 http://www.inflatableeye.com
 +1.604.709.0506


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] the dl() issue

[Shane Caraveo]

> At 10:43 AM 3/12/2002, Shane Caraveo wrote:
> > > The stability issue is fairly obvious (you're much more likely to
screw up
> > > in a multithreaded environment if you load/unload libraries like hell,
than
> > > you are if you load them once, process-wide;  this affects both code
in PHP
> > > and code in the libraries themselves).
> >
> >That has nothing to do with dynamically loading modules at runtime.
>
> It has lots to do with that.
>
> >First, the modules should not be unloaded until php is unloaded.
>
> Then you're not talking about dl(), because dl()'d modules get unloaded at
> the end of the request.

I am talking about dl.  'should' being the keyword.  I see no reason at all
that dl should unload the module after the request, and the fact that it
does seems to be the primary reason there are problems and (probably) its
getting depricated.

> We can, relatively easily, add an administrative way of loading modules,
> server-wide and without being able to unload them.  This will not,
however,
> be anything that's remotely equivalent to dl(), and does not address your
> (IMHO unexplained) requirement to 'load different modules for different
> parts of the site'.

It absolutely does, and being able to do it via script rather than an ini
file does.  The architecture of web servers is drasticly changed from the
days of IIS3/4.  You can load seperate instances of and isapi module for
different web servers.  So a web server running php scripts that only need
the imap module for instance, would not need to load a dozen other modules
needed by a different web server.

> It's basically the same as loading them in php.ini,
> but not doing it in php.ini.  I can't find a very good reason for doing
> that (other than the unexplained hatred towards php.ini :).  The
> performance and stability problems that affect dl() will not affect this
> feature, but the security implications will.

ini is a general pain for others as well, it's not just an extension issue.

> >Arbitrary code?  extension_dir defines where you can load from, and you
> >can only load dll's that exist within that.
>
> Security is a relative term.  There's no absolute security, and there are
a
> zillion different degrees of security.  By adding dl(), you degrade PHP's
> level of security because you bring the danger closer.  With dl(), all the
> user has to do in order to exploit your server is figure out a way to put
> exploit code in a certain directory, and voila.  Without it - he has no
way
> of loading executable code into the server, no matter what.  From a
> security perspective, there's no question that adding it degrades
security,
> the only question is how much.

First, this ignores the fact that paranoid sysadmins, or ISP's which should
be paranoid, can dissable dl, and load whatever is necessary into php.ini.

This also takes for granted that the user has already exploited the system
and gained access necessary to put executable code on the server.  If the
user has gotten that far, it doesn't matter what php does or does not do.
If the user has that much access, they can put a dl in the extension_dir and
modify php.ini.  Next time the web server starts, exploitable code is
loaded.  dl makes no difference here.

>
> >   Additionally, the dl
> >loading
> >code looks for specific exports to even be able to load the dll.
>
> Well, they're quite easy to implement.

That's beside the point.  The point being that a number of steps must occure
for code to be exploitable via dl.

> >  The
> >only security issue is if the administrator puts arbitrary dll's into
> >the path defined by extension_dir.  The really paranoid can disable the
> >function in php.ini.  If you're worried about security issues with dl,
> >we should all be much more fearful of the COM, Corba and .Net
> >extensions.
>
> COM, Corba and .NET give you accessibility to objects that are already
> installed on the system, with whatever permissions and policies that are
> enforced by their installation.  dl() gives you a way of doing all sorts
of
> nasty things within the web server.  I don't pretend to know what can be
> done using dl(), as I don't spend my days trying to figure out exploits.
I
> know that it's bad security wise, and to say the least, it doesn't sound
> unreasonable that it's exploitable.

And, at least under IIS, you have the option of configuration file system
level security for any dll.  dl() does not give any way to do anything
nasty, other than allowing a dll to be loaded.

> >I just find it more than slightly sad that PHP cannot dynamicly load
> >extensions when Perl, Python, and other script languages don't have
> >problems with this, and are in fact designed to do it that way to begin
> >with.  I think it's very short sighted to not have this ability.
>
> Neither Python nor Perl were designed as server plugins, definitely not
> multithreaded server plugins.  IMHO adding dl() to PHP in the first place,
> a-la Perl, was short-sighted because it really doe

Re: [PHP-DEV] OCIError patch

[Walter A. Boring IV]

Ahh.  very kewl patch Dan.

Walt

On Tue, 2002-03-12 at 12:48, Daniel Ceregatti wrote:
> Hi,
> 
> I wrote a small patch to oci8.c's OCIError function which places the 
> following tag:
> 
> 
> 
> just before an error in a sql statement and adds the modified statement 
> text into a new element called "sqltext" to the array returned by 
> OCIError, much the same way sqlplus adds an asterisk under an error.
> 
> I find this very useful, and I'm hoping you will too. I've attached the 
> patch.
> 
> Thanks,
> 
> Daniel Ceregatti
> 
> 

> --- php-4.1.2/ext/oci8/oci8.c.origTue Mar 12 11:56:17 2002
> +++ php-4.1.2/ext/oci8/oci8.c Tue Mar 12 12:23:35 2002
> @@ -4090,10 +4090,13 @@
>   zval **arg;
>   oci_statement *statement;
>   oci_connection *connection;
> -text errbuf[512];
> -sb4 errcode = 0;
> + text errbuf[512];
> + sb4 errcode = 0;
>   sword error = 0;
>   dvoid *errh = NULL;
> + ub2 errorofs = 0;
> + text *sqltext;
> + char *retsql;
>  
>   if (zend_get_parameters_ex(1, &arg) == SUCCESS) {
>   statement = (oci_statement *) zend_fetch_resource(arg TSRMLS_CC, -1, 
>NULL, NULL, 1, le_stmt);
> @@ -4130,10 +4133,33 @@
>   (ub4) sizeof(errbuf),
>   (ub4) OCI_HTYPE_ERROR));
>  
> + CALL_OCI_RETURN(statement->error, OCIAttrGet(
> + (dvoid *)statement->pStmt,
> + OCI_HTYPE_STMT,
> + (text *) &sqltext,
> + (ub4 *)0,
> + OCI_ATTR_STATEMENT,
> + statement->pError));
> +
> + CALL_OCI_RETURN(statement->error, OCIAttrGet(
> + (dvoid *)statement->pStmt,
> + OCI_HTYPE_STMT,
> + (ub2 *)&errorofs,
> + (ub4 *)0,
> + OCI_ATTR_PARSE_ERROR_OFFSET,
> + statement->pError));
> +
>   if (errcode) {
> + retsql = (char *) malloc (strlen (sqltext) + 100);
> + memset (retsql, 0, strlen (sqltext) + 100);
> + strncat (retsql, sqltext, (int) errorofs);
> + strcat (retsql, "font-weight:bold\">");
> + strcat (retsql, (char *) sqltext + (int) errorofs);
>   array_init(return_value);
>   add_assoc_long(return_value, "code", errcode);
> + add_assoc_string(return_value, "sqltext", (char *) retsql, 1);
>   add_assoc_string(return_value, "message", (char*) errbuf, 1);
> + free (retsql);
>   } else {
>   RETURN_FALSE;
>   }
> 
> 
> 

> -- 
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] OCIError patch

[Daniel Ceregatti]

Hi,

I wrote a small patch to oci8.c's OCIError function which places the 
following tag:



just before an error in a sql statement and adds the modified statement 
text into a new element called "sqltext" to the array returned by 
OCIError, much the same way sqlplus adds an asterisk under an error.

I find this very useful, and I'm hoping you will too. I've attached the 
patch.

Thanks,

Daniel Ceregatti


--- php-4.1.2/ext/oci8/oci8.c.orig  Tue Mar 12 11:56:17 2002
+++ php-4.1.2/ext/oci8/oci8.c   Tue Mar 12 12:23:35 2002
@@ -4090,10 +4090,13 @@
zval **arg;
oci_statement *statement;
oci_connection *connection;
-text errbuf[512];
-sb4 errcode = 0;
+   text errbuf[512];
+   sb4 errcode = 0;
sword error = 0;
dvoid *errh = NULL;
+   ub2 errorofs = 0;
+   text *sqltext;
+   char *retsql;
 
if (zend_get_parameters_ex(1, &arg) == SUCCESS) {
statement = (oci_statement *) zend_fetch_resource(arg TSRMLS_CC, -1, 
NULL, NULL, 1, le_stmt);
@@ -4130,10 +4133,33 @@
(ub4) sizeof(errbuf),
(ub4) OCI_HTYPE_ERROR));
 
+   CALL_OCI_RETURN(statement->error, OCIAttrGet(
+   (dvoid *)statement->pStmt,
+   OCI_HTYPE_STMT,
+   (text *) &sqltext,
+   (ub4 *)0,
+   OCI_ATTR_STATEMENT,
+   statement->pError));
+
+   CALL_OCI_RETURN(statement->error, OCIAttrGet(
+   (dvoid *)statement->pStmt,
+   OCI_HTYPE_STMT,
+   (ub2 *)&errorofs,
+   (ub4 *)0,
+   OCI_ATTR_PARSE_ERROR_OFFSET,
+   statement->pError));
+
if (errcode) {
+   retsql = (char *) malloc (strlen (sqltext) + 100);
+   memset (retsql, 0, strlen (sqltext) + 100);
+   strncat (retsql, sqltext, (int) errorofs);
+   strcat (retsql, "");
+   strcat (retsql, (char *) sqltext + (int) errorofs);
array_init(return_value);
add_assoc_long(return_value, "code", errcode);
+   add_assoc_string(return_value, "sqltext", (char *) retsql, 1);
add_assoc_string(return_value, "message", (char*) errbuf, 1);
+   free (retsql);
} else {
RETURN_FALSE;
}



-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Passing PHP Arrays as type "hidden" in a HTML Form

[Sander Roobol]

It might be a bit late, but PHP-DEV is for developing PHP, not for 
developing WITH PHP. Use [EMAIL PROTECTED] for support 
questions.

Sander

On 2002.03.12 20:37 Surya Saraff wrote:
> Hi,
> actually, I encountered serialize(), urlencode()
> AND IT WORKS!!!
> 
> first you serialize(), then urlencode
> then urlencode() and unserialize() to get back the
> original array.
> 
> thanks
> surya
> 
> 
> --- "Hunter, Ray" <[EMAIL PROTECTED]> wrote:
> > Try using the $_POST function for getting the
> > variable...
> >
> > echo " > value=\"$status[]\">";
> > $oldStatus = $_POST["oldStatus"];
> >
> >
> > Thank you,
> >
> > Ray Hunter
> > Firmware Engineer
> >
> > ENTERASYS NETWORKS
> >
> >
> > -Original Message-
> > From: Surya Saraff [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, March 12, 2002 11:42 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [PHP-DEV] Passing PHP Arrays as type
> > "hidden" in a HTML Form
> >
> >
> > Dear Ray,
> >
> > when I try
> > echo " > value=\"$status[]>";
> >
> >
> > I get:
> > Parse error: parse error, expecting `T_STRING' or
> > `T_VARIABLE' or `T_NUM_STRING'
> >
> >
> > And when I remove [], and in the next page I do
> > $oldStatus = $HTTP_POST_VARS["oldStatus"];
> > echo $oldStatus[1]; //i get "r"
> >
> > Sorry, to bother you again.  But, if u have any
> > other suggestions please let
> > me know
> >
> > thanks
> > surya
> >
> > --- "Hunter, Ray" <[EMAIL PROTECTED]> wrote:
> > > Do it like this:
> > >
> > > $status = array( 0, 1 )
> > >
> > > echo " > > value=\"$status[]>";
> > >
> > > Then access the array through the name...
> > oldStatus
> > > here...
> > >
> > >
> > >
> > >
> > > Thank you,
> > >
> > > Ray Hunter
> > > Firmware Engineer
> > >
> > > ENTERASYS NETWORKS
> > >
> > >
> > > -Original Message-
> > > From: Surya Saraff [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, March 12, 2002 10:07 AM
> > > To: [EMAIL PROTECTED]
> > > Cc: [EMAIL PROTECTED]
> > > Subject: RE: [PHP-DEV] Passing PHP Arrays as type
> > > "hidden" in a HTML Form
> > >
> > >
> > > Hi,
> > >
> > > I had tried it, it doesnt work.
> > > in t1.php:
> > >
> > > echo $a; //give me "Array"
> > > echo $a[1] //gives me "A"
> > > echo $a[2] //gives me "r" and so on...
> > >
> > > $a just gets the value "Array", but not the
> > > elements.
> > >
> > > Any suggestions?
> > >
> > > thanks,
> > > surya
> > >
> > >
> > > --- "Hunter, Ray" <[EMAIL PROTECTED]> wrote:
> > > > Yes that is possible...
> > > >
> > > >
> > > >
> > > > Thank you,
> > > >
> > > > Ray Hunter
> > > > Firmware Engineer
> > > >
> > > > ENTERASYS NETWORKS
> > > >
> > > >
> > > > -Original Message-
> > > > From: Surya Saraff
> > [mailto:[EMAIL PROTECTED]]
> > > > Sent: Tuesday, March 12, 2002 9:48 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: [PHP-DEV] Passing PHP Arrays as type
> > > > "hidden" in a HTML Form
> > > >
> > > >
> > > > Hi,
> > > >
> > > > I am trying to pass an array with hidden type
> > and
> > > > access it by value.
> > > >
> > > > for eg:
> > > >
> > > > IN t.php
> > > >
> > > >  > > >   $a = array(1, 2, 3, 4, 5);
> > > >   print (" > > > >");
> > > >   print(" > > =$a
> > > > >");
> > > >   print("");
> > > >   print("");
> > > > ?>
> > > >
> > > > IN t1.php (the page i am calling)
> > > >
> > > >  > > > $a = $HTTP_POST_VARS["_a"];
> > > > echo $a[1];  //i want "2" to be printed here,
> > > since
> > > > $a[0]=1, $a[1] =2  --- is it possible?
> > > > ?>
> > > >
> > > >
> > > > Any suggestions as to how can I pass the value
> > of
> > > > the
> > > > array through an HTML form, would be a great
> > help!
> > > >
> > > > Thanks,
> > > > Surya
> > > >
> > > >
> > __
> > > > Do You Yahoo!?
> > > > Try FREE Yahoo! Mail - the world's greatest free
> > > > email!
> > > > http://mail.yahoo.com/
> > > >
> > > > --
> > > > PHP Development Mailing List
> > 
> > > > To unsubscribe, visit:
> > > http://www.php.net/unsub.php
> > > >
> > >
> > >
> > > __
> > > Do You Yahoo!?
> > > Try FREE Yahoo! Mail - the world's greatest free
> > > email!
> > > http://mail.yahoo.com/
> > >
> >
> >
> > __
> > Do You Yahoo!?
> > Try FREE Yahoo! Mail - the world's greatest free
> > email!
> > http://mail.yahoo.com/
> >
> 
> 
> __
> Do You Yahoo!?
> Try FREE Yahoo! Mail - the world's greatest free email!
> http://mail.yahoo.com/
> 
> --
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 
> 

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DEV] Passing PHP Arrays as type "hidden" in a HTML Form

[Surya Saraff]

Hi,
actually, I encountered serialize(), urlencode() 
AND IT WORKS!!!

first you serialize(), then urlencode
then urlencode() and unserialize() to get back the
original array.

thanks
surya


--- "Hunter, Ray" <[EMAIL PROTECTED]> wrote:
> Try using the $_POST function for getting the
> variable...
> 
> echo " value=\"$status[]\">";
> $oldStatus = $_POST["oldStatus"];
> 
> 
> Thank you,
> 
> Ray Hunter
> Firmware Engineer
> 
> ENTERASYS NETWORKS
> 
> 
> -Original Message-
> From: Surya Saraff [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, March 12, 2002 11:42 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [PHP-DEV] Passing PHP Arrays as type
> "hidden" in a HTML Form
> 
> 
> Dear Ray,
> 
> when I try 
> echo " value=\"$status[]>";
> 
> 
> I get:
> Parse error: parse error, expecting `T_STRING' or
> `T_VARIABLE' or `T_NUM_STRING' 
> 
> 
> And when I remove [], and in the next page I do 
> $oldStatus = $HTTP_POST_VARS["oldStatus"];
> echo $oldStatus[1]; //i get "r"
> 
> Sorry, to bother you again.  But, if u have any
> other suggestions please let
> me know
> 
> thanks
> surya
> 
> --- "Hunter, Ray" <[EMAIL PROTECTED]> wrote:
> > Do it like this:
> > 
> > $status = array( 0, 1 )
> > 
> > echo " > value=\"$status[]>";
> > 
> > Then access the array through the name...
> oldStatus
> > here...
> > 
> > 
> > 
> > 
> > Thank you,
> > 
> > Ray Hunter
> > Firmware Engineer
> > 
> > ENTERASYS NETWORKS
> > 
> > 
> > -Original Message-
> > From: Surya Saraff [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, March 12, 2002 10:07 AM
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: RE: [PHP-DEV] Passing PHP Arrays as type
> > "hidden" in a HTML Form
> > 
> > 
> > Hi,
> > 
> > I had tried it, it doesnt work.
> > in t1.php:
> > 
> > echo $a; //give me "Array"
> > echo $a[1] //gives me "A"
> > echo $a[2] //gives me "r" and so on...
> > 
> > $a just gets the value "Array", but not the
> > elements.
> > 
> > Any suggestions?
> > 
> > thanks,
> > surya
> > 
> > 
> > --- "Hunter, Ray" <[EMAIL PROTECTED]> wrote:
> > > Yes that is possible...
> > > 
> > > 
> > > 
> > > Thank you,
> > > 
> > > Ray Hunter
> > > Firmware Engineer
> > > 
> > > ENTERASYS NETWORKS
> > > 
> > > 
> > > -Original Message-
> > > From: Surya Saraff
> [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, March 12, 2002 9:48 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: [PHP-DEV] Passing PHP Arrays as type
> > > "hidden" in a HTML Form
> > > 
> > > 
> > > Hi,
> > > 
> > > I am trying to pass an array with hidden type
> and
> > > access it by value.
> > > 
> > > for eg:
> > > 
> > > IN t.php
> > > 
> > >  > >   $a = array(1, 2, 3, 4, 5);
> > >   print (" > > >");
> > >   print(" > =$a
> > > >");
> > >   print("");
> > >   print("");
> > > ?>
> > > 
> > > IN t1.php (the page i am calling)
> > > 
> > >  > > $a = $HTTP_POST_VARS["_a"];
> > > echo $a[1];  //i want "2" to be printed here,
> > since
> > > $a[0]=1, $a[1] =2  --- is it possible?
> > > ?>
> > > 
> > > 
> > > Any suggestions as to how can I pass the value
> of
> > > the
> > > array through an HTML form, would be a great
> help!
> > > 
> > > Thanks,
> > > Surya
> > > 
> > >
> __
> > > Do You Yahoo!?
> > > Try FREE Yahoo! Mail - the world's greatest free
> > > email!
> > > http://mail.yahoo.com/
> > > 
> > > --
> > > PHP Development Mailing List
> 
> > > To unsubscribe, visit:
> > http://www.php.net/unsub.php
> > > 
> > 
> > 
> > __
> > Do You Yahoo!?
> > Try FREE Yahoo! Mail - the world's greatest free
> > email!
> > http://mail.yahoo.com/
> > 
> 
> 
> __
> Do You Yahoo!?
> Try FREE Yahoo! Mail - the world's greatest free
> email!
> http://mail.yahoo.com/
> 


__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] CVS Account Request: mcastro

[Maurício de Castro]

Translate to Portugese the functions of PHP. I'm translate the Images Functions and 
later I intend to translate more.
Rasmul Lerdorf told me to fill the form here.

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] safe_mode + exec

[Stefan Esser]

Hi,

i want your opinions for a clean solution of the safe_mode + exec problem.
Right now it is not possible to execute stuff like
   
/usr/local/bin/mybin "param 1" "param 2"

because the whole line is passed to php_escape_shell_cmd
Is there any problem that i oversee, if we simply overjump quoted
parts? 

Stefan

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] mbstring module

[brad lafountain]

the code above prints out
11
16


... is this correct??? If so why does it work this way.

- Brad



__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Quick summary of changes

[Rasmus Lerdorf]

Ah, never noticed that.  I guess ext/zlib is a bit of a special case.

On Tue, 12 Mar 2002 [EMAIL PROTECTED] wrote:

> On Tue, 12 Mar 2002, Rasmus Lerdorf wrote:
>
> > Could you give me a quick summary of the changes.  I am a little confused
> > as to why ext/zlib doesn't have a config.m4 file anymore, for example.  I
> > see the config0.m4 file.  What's the difference?
>
> the 0 there makes sure it gets into another stage of the buildprocess, the
> top IIRC, it was added @ 12th May 2001, 12:09am (10 months ago).
>
> Derick
>
> >
> > Also, right now things don't build.  The error is:
> >
> > main/internal_functions_cli.lo: In function
> > `php_startup_internal_extensions':
> > /home/rasmus/php4/main/internal_functions_cli.c:85: undefined reference to
> > `php_zlib_module_entry'
> > collect2: ld returned 1 exit status
> > make: *** [sapi/cli/php] Error 1
> >
> >
> > --
> > PHP Development Mailing List 
> > To unsubscribe, visit: http://www.php.net/unsub.php
> >
>
> --
>   PHP: Scripting the Web - [EMAIL PROTECTED]
> All your branches are belong to me!
> SRM: Site Resource Manager - www.vl-srm.net
> ---
>


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: Quick summary of changes

[Sascha Schumann]

On Tue, 12 Mar 2002, Rasmus Lerdorf wrote:

> Could you give me a quick summary of the changes.  I am a little confused

Please refer to the posting New Build System committed to
Head.

> as to why ext/zlib doesn't have a config.m4 file anymore, for example.  I

That has been the case since about 10 months.

> see the config0.m4 file.  What's the difference?

zlib's config.m4 is executed before all other config.m4s.

> Also, right now things don't build.  The error is:

Fixed.

- Sascha Experience IRCG
  http://schumann.cx/http://schumann.cx/ircg


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Quick summary of changes

[derick]

On Tue, 12 Mar 2002, Rasmus Lerdorf wrote:

> Could you give me a quick summary of the changes.  I am a little confused
> as to why ext/zlib doesn't have a config.m4 file anymore, for example.  I
> see the config0.m4 file.  What's the difference?

the 0 there makes sure it gets into another stage of the buildprocess, the 
top IIRC, it was added @ 12th May 2001, 12:09am (10 months ago).

Derick

> 
> Also, right now things don't build.  The error is:
> 
> main/internal_functions_cli.lo: In function
> `php_startup_internal_extensions':
> /home/rasmus/php4/main/internal_functions_cli.c:85: undefined reference to
> `php_zlib_module_entry'
> collect2: ld returned 1 exit status
> make: *** [sapi/cli/php] Error 1
> 
> 
> -- 
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

--
  PHP: Scripting the Web - [EMAIL PROTECTED]
All your branches are belong to me!
SRM: Site Resource Manager - www.vl-srm.net
---


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Quick summary of changes

[Rasmus Lerdorf]

Could you give me a quick summary of the changes.  I am a little confused
as to why ext/zlib doesn't have a config.m4 file anymore, for example.  I
see the config0.m4 file.  What's the difference?

Also, right now things don't build.  The error is:

main/internal_functions_cli.lo: In function
`php_startup_internal_extensions':
/home/rasmus/php4/main/internal_functions_cli.c:85: undefined reference to
`php_zlib_module_entry'
collect2: ld returned 1 exit status
make: *** [sapi/cli/php] Error 1


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DEV] Passing PHP Arrays as type "hidden" in a HTML Form

[Hunter, Ray]

Title: RE: [PHP-DEV] Passing PHP Arrays as type "hidden" in a HTML Form





Do it like this:


$status = array( 0, 1 )


echo "";


Then access the array through the name... oldStatus here...





Thank you,


Ray Hunter
Firmware Engineer


ENTERASYS NETWORKS



-Original Message-
From: Surya Saraff [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, March 12, 2002 10:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP-DEV] Passing PHP Arrays as type "hidden" in a HTML Form



Hi,


I had tried it, it doesnt work.
in t1.php:


echo $a; //give me "Array"
echo $a[1] //gives me "A"
echo $a[2] //gives me "r" and so on...


$a just gets the value "Array", but not the elements.


Any suggestions?


thanks,
surya



--- "Hunter, Ray" <[EMAIL PROTECTED]> wrote:
> Yes that is possible...
> 
> 
> 
> Thank you,
> 
> Ray Hunter
> Firmware Engineer
> 
> ENTERASYS NETWORKS
> 
> 
> -Original Message-
> From: Surya Saraff [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, March 12, 2002 9:48 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DEV] Passing PHP Arrays as type
> "hidden" in a HTML Form
> 
> 
> Hi,
> 
> I am trying to pass an array with hidden type and
> access it by value.
> 
> for eg:
> 
> IN t.php
> 
> 
>   $a = array(1, 2, 3, 4, 5);
>   print ("
> >");
>   print("
> >");
>   print("");
>   print("");
> ?>
> 
> IN t1.php (the page i am calling)
> 
> 
> $a = $HTTP_POST_VARS["_a"];
> echo $a[1];  //i want "2" to be printed here, since
> $a[0]=1, $a[1] =2  --- is it possible?
> ?>
> 
> 
> Any suggestions as to how can I pass the value of
> the
> array through an HTML form, would be a great help!
> 
> Thanks,
> Surya
> 
> __
> Do You Yahoo!?
> Try FREE Yahoo! Mail - the world's greatest free
> email!
> http://mail.yahoo.com/
> 
> --
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php
> 



__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

RE: [PHP-DEV] Passing PHP Arrays as type "hidden" in a HTML Form

[Surya Saraff]

Hi,

I had tried it, it doesnt work.
in t1.php:

echo $a; //give me "Array"
echo $a[1] //gives me "A"
echo $a[2] //gives me "r" and so on...

$a just gets the value "Array", but not the elements.

Any suggestions?

thanks,
surya


--- "Hunter, Ray" <[EMAIL PROTECTED]> wrote:
> Yes that is possible...
> 
> 
> 
> Thank you,
> 
> Ray Hunter
> Firmware Engineer
> 
> ENTERASYS NETWORKS
> 
> 
> -Original Message-
> From: Surya Saraff [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, March 12, 2002 9:48 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP-DEV] Passing PHP Arrays as type
> "hidden" in a HTML Form
> 
> 
> Hi,
> 
> I am trying to pass an array with hidden type and
> access it by value. 
> 
> for eg:
> 
> IN t.php
> 
>$a = array(1, 2, 3, 4, 5);
>   print (" >");
>   print(" >");
>   print("");
>   print("");
> ?>
> 
> IN t1.php (the page i am calling)
> 
>  $a = $HTTP_POST_VARS["_a"];
> echo $a[1];  //i want "2" to be printed here, since
> $a[0]=1, $a[1] =2  --- is it possible?
> ?>
> 
> 
> Any suggestions as to how can I pass the value of
> the
> array through an HTML form, would be a great help!
> 
> Thanks,
> Surya
> 
> __
> Do You Yahoo!?
> Try FREE Yahoo! Mail - the world's greatest free
> email!
> http://mail.yahoo.com/
> 
> -- 
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Passing PHP Arrays as type "hidden" in a HTML Form

[Surya Saraff]

Hi,

I am trying to pass an array with hidden type and
access it by value. 

for eg:

IN t.php

");
  print("");
  print("");
  print("");
?>

IN t1.php (the page i am calling)




Any suggestions as to how can I pass the value of the
array through an HTML form, would be a great help!

Thanks,
Surya

__
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] PHP audit project

[Marcus Börger]

In addition to Zeev,

Hey guys where is your problem if someone wants to infect php code with
functions that increases stability of code? The last days i spent much work
to get ext/exif working and many problems came from missuse of strxxx
functions. Changing to functions like strlcpy makes the code much more
stable and independent from exernal failures.

And here again you cannot rely on the fact that you have read any standard
about external stuff you are working on requirements/securisations of code
not from yourself. Everything that comes from outside to php can be wrong
and should be considered as such - this will also increase security against
some server-attack mechanisms. And we are a large group doing an eXtreme
developing - who knows exactly which function changes next day in which way?

marcus

At 14:31 11.03.2002, Zeev Suraski wrote:
>Frank,
>
>Don't be discouraged by the feedback here.  Your efforts are well 
>appreciated!  You can choose to use whichever functions you deem best, as 
>long as you're the one doing the work :)
>
>Zeev
>
>At 02:23 PM 3/11/2002, Jedi/Sector One wrote:
>>On Mon, Mar 11, 2002 at 01:21:02PM +0100, Stefan Esser wrote:
>> > strlcpy and strlcat are inventions of the OpenBSD project. Since they
>> > invented
>> > those they are trying to "infect" other projects.
>>
>>   PHP is already infected.
>>
>>   Try to grep for strlcpy and strlcat in the _vanilla_ PHP source code.
>>
>>   But that's ok. If you don't want us to work on PHP, let our project stop.
>>
>>--
>>  __  /*-  Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]> -*\  __
>>  \ '/http://www.PureFTPd.Org/";> Secure FTP Server \' /
>>   \/  http://www.Jedi.Claranet.Fr/";> Misc. free software   \/
>>
>>--
>>PHP Development Mailing List 
>>To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>--
>PHP Development Mailing List 
>To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] exec + safemode

[Stefan Esser]

Morning, (maybe i am just blind...)

I doubt this can be counted as support question *grin*

Has anyone of you ever tried to exec a command while in safe_mode?

exec ("blub"); works fine, but it seems impossible to give a param
to blub that has spaces in it.


Stefan

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] the dl() issue

[Marko Karppinen]

Zeev and Stas:

> That sounds like a pretty good idea, actually :)
>> Might the solution be in the form of some 'auto-load extension folder'?
>> I.e., folder in which all extensions found there are loaded automatically?

Yes, this seems to be a near-perfect solution to me. Great!

--Marko


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] FREE_ZVAL and/or zval_dtor()

[Andrey Hristov]

It is my mistake. There are two macroses ZEND_FAST_FREE
#define ZEND_FAST_FREE(p, fc_type)  \
 {\
  TSRMLS_FETCH();\
 \
  ((zend_fast_cache_list_entry *) (p))->next = (zend_fast_cache_list_entry *) 
AG(fast_cache_list_head)[fc_type]; \
  AG(fast_cache_list_head)[fc_type] = (zend_fast_cache_list_entry *) (p);   \
 }
and

#define ZEND_FAST_FREE(p, fc_type) \
 efree(p)

Depends on that is ZEND_ENABLE_FAST_CACHE is on.
The first one is not freeing any memory the second one is.

Regards,
Andrey

- Original Message - 
From: "Klaus Reimer" <[EMAIL PROTECTED]>
To: "Andrey Hristov" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, March 12, 2002 3:07 PM
Subject: Re: [PHP-DEV] FREE_ZVAL and/or zval_dtor()


> Hi,
> 
> On Tuesday 12 March 2002 14:01, Andrey Hristov wrote:
> > As far as I see FREE_ZVAL is ZEND_FAST_FREE and the latter is not freeing
> > memory just removes the zval from a list. So it is required to release the
> > memory before that. Fix me if I'm wrong.
> 
> FREE_ZVAL calls ZEND_FAST_FREE, that's correct. But ZEND_FAST_FREE does call 
> efree(). So I'm pretty sure, thtat FREE_ZVAL does release the memory of the 
> zval, which has been allocated by using MAKE_STD_ZVAL (which calls ALLOC_ZVAL 
>  which calls ZVAL_FAST_ALLOC which calls emalloc()).
> 
> -- 
> Bye, K 
> [A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
> (Finger [EMAIL PROTECTED] to get public key)
> 
> -- 
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php
> 
> 


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] FREE_ZVAL and/or zval_dtor()

[Klaus Reimer]

Hi,

On Tuesday 12 March 2002 14:01, Andrey Hristov wrote:
> As far as I see FREE_ZVAL is ZEND_FAST_FREE and the latter is not freeing
> memory just removes the zval from a list. So it is required to release the
> memory before that. Fix me if I'm wrong.

FREE_ZVAL calls ZEND_FAST_FREE, that's correct. But ZEND_FAST_FREE does call 
efree(). So I'm pretty sure, thtat FREE_ZVAL does release the memory of the 
zval, which has been allocated by using MAKE_STD_ZVAL (which calls ALLOC_ZVAL 
 which calls ZVAL_FAST_ALLOC which calls emalloc()).

-- 
Bye, K 
[A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
(Finger [EMAIL PROTECTED] to get public key)

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] FREE_ZVAL and/or zval_dtor()

[Andrey Hristov]

As far as I see FREE_ZVAL is ZEND_FAST_FREE and the latter is not freeing memory just 
removes the zval from a list. So it is
required to release the memory before that. Fix me if I'm wrong.

Regards,
Andrey

- Original Message -
From: "Klaus Reimer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 12, 2002 2:42 PM
Subject: [PHP-DEV] FREE_ZVAL and/or zval_dtor()


> Hi,
>
> I'm not sure if I have understood how to free the memory allocatedof a zval
> correctly. Because I don't want to create memory leaks, please tell me if I
> am right or tell me how it is done correctly:
>
> If I create a zval with MAKE_STD_ZVAL, I just need to call FREE_ZVAL, because
> there is no value associated with that zval up to now. But if I store a
> string or an object or something like that in this zval I also need to use
> zval_dtor() before I destroy the zval itself with FREE_ZVAL, right? Example:
>
>zval *foo;
>   MAKE_STD_ZVAL(foo); /* Allocate zval */
>   ZVAL_STRING(foo,'"Some text",1); /* Store a string in zval */
>
>   /* Do something */
>
>   zval_dtor(foo); /* Free the string */
>   FREE_ZVAL(foo); /* Free the zval */
>
>
> Is that correct?
>
> Another question: How do I free the return_value from a
> call_user_function_ex() call? The Zend-API-Documentation says, I have to use
> zval_dtor, but is this enough? This just frees the memory allocated by the
> zval-value, or not? What about the zval itself?
>
> --
> Bye, K 
> [A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
> (Finger [EMAIL PROTECTED] to get public key)
>
> --
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] FREE_ZVAL and/or zval_dtor()

[Klaus Reimer]

Hi,

I'm not sure if I have understood how to free the memory allocatedof a zval 
correctly. Because I don't want to create memory leaks, please tell me if I 
am right or tell me how it is done correctly:

If I create a zval with MAKE_STD_ZVAL, I just need to call FREE_ZVAL, because 
there is no value associated with that zval up to now. But if I store a 
string or an object or something like that in this zval I also need to use 
zval_dtor() before I destroy the zval itself with FREE_ZVAL, right? Example:

   zval *foo;
  MAKE_STD_ZVAL(foo);   /* Allocate zval */
  ZVAL_STRING(foo,'"Some text",1);  /* Store a string in zval */
  
  /* Do something */
   
  zval_dtor(foo);   /* Free the string */
  FREE_ZVAL(foo);   /* Free the zval */


Is that correct?

Another question: How do I free the return_value from a 
call_user_function_ex() call? The Zend-API-Documentation says, I have to use 
zval_dtor, but is this enough? This just frees the memory allocated by the 
zval-value, or not? What about the zval itself?

-- 
Bye, K 
[A735 47EC D87B 1F15 C1E9  53D3 AA03 6173 A723 E391]
(Finger [EMAIL PROTECTED] to get public key)

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] CVS Account Request: mmeier

[Michael Meier]

Support in german translations.

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] the dl() issue

[Zeev Suraski]

That sounds like a pretty good idea, actually :)

Zeev

At 11:32 AM 3/12/2002, Stanislav Malyshev wrote:
>MK>> For them, digging into the guts of the system, installing PHP
>MK>> extensions there and modifying obscure, Apple-supplied configuration
>MK>> files is MUCH, MUCH more frightening than just downloading a php
>MK>> extension, dropping it into the Sites folder in their home directory,
>MK>> and calling dl("extension.bundle"); in their PHP scripts.
>
>Might the solution be in the form of some 'auto-load extension folder'?
>I.e., folder in which all extensions found there are loaded automatically?
>
>--
>Stanislav Malyshev, Zend Products Engineer
>[EMAIL PROTECTED]  http://www.zend.com/ +972-3-6139665 ext.115
>
>
>
>--
>PHP Development Mailing List 
>To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] FRC: assert

[Yasuo Ohgaki]

Hi all,

I made a patch to enable/include assert()/assert.h.
If you have comment, please let me know.

Thank you.

-- 
Yasuo Ohgaki
[EMAIL PROTECTED]


Index: configure.in
===
RCS file: /repository/php4/configure.in,v
retrieving revision 1.310
diff -u -r1.310 configure.in
--- configure.in11 Mar 2002 13:17:41 -  1.310
+++ configure.in12 Mar 2002 10:10:26 -
@@ -360,6 +360,7 @@
 alloca.h \
 arpa/inet.h \
 arpa/nameser.h \
+assert.h \
 crypt.h \
 fcntl.h \
 grp.h \
Index: CODING_STANDARDS
===
RCS file: /repository/php4/CODING_STANDARDS,v
retrieving revision 1.10
diff -u -r1.10 CODING_STANDARDS
--- CODING_STANDARDS28 Feb 2002 06:31:09 -  1.10
+++ CODING_STANDARDS12 Mar 2002 10:10:26 -
@@ -64,6 +64,9 @@
 not recommended. Since most of PHP_* macros are ZEND_* macro alias, use of
 PHP_* macro makes browsing source with tag search harder.
 
+[8] Use assert(). assert.h is included in php.h if it is available. 
+Not only good assertion catch bugs, but also it makes easier to read code.
+
 Naming Conventions
 --
 
Index: main/php.h
===
RCS file: /repository/php4/main/php.h,v
retrieving revision 1.159
diff -u -r1.159 php.h
--- main/php.h  1 Mar 2002 00:16:58 -   1.159
+++ main/php.h  12 Mar 2002 10:10:26 -
@@ -63,7 +63,16 @@
 
 #include "php_regex.h"
 
-
+#if HAVE_ASSERT_H
+#if PHP_DEBUG
+#undef NDEBUG
+#else
+#define NDEBUG
+#endif
+#include 
+#else /* HAVE_ASSERT_H */
+#define assert()
+#endif /* HAVE_ASSERT_H */
 
 #define APACHE 0
 



-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: Text files in /php4

[Yasuo Ohgaki]

+1

I've asked the same thing before. Most people like the idea.
Hurmat said Gobar has started howto. It's good thing to have
XML document for these, but it's not well organized yet.

We are better to keep documents in source at least until
there is framework for these documentation.

In addition to that, some document may stay only in source.
We do not want to publish doc for unfinished/highly experimental
features in web site :)
Not many developers are following php-doc list also.

James Cox wrote:
> I wanted to get some discussion going about making the php4 tree less
> cluttered. The first thing to do, I think, is to move the documentation out
> from the root directory.
> 
> Therefore, i'd like to propose the following:
> 
> /php4/
> NEWS
> CREDITS
> INSTALL
> LICENSE
> TODO.BUILDv5
> TODO

Merge TODO and TODO.BUILDv5?

--
Yasuo Ohgaki


> EXTENSIONS
> php.ini-dist
> php.ini-recommended
> 
> /php4/docs/
> README.Zeus > README.ZEUS
> README.SELF-CONTAINED-EXTENSIONS
> README.CVS-RULES
> README.TESTING
> README.EXTENSIONS
> README.PARAMETER_PARSING_API
> README.STREAMS
> README.QNX
> README.EXT_SKEL
> RELEASE_PROCESS
> CODING_STANDARDS
> apidoc-zend.txt > APIDOC_ZEND
> apidoc.txt> APIDOC
> ChangeLog.1999.gz
> ChangeLog.2001.gz
> ChangeLog.2000.gz
> 
> 
> It might be nice -- and much easier then -- to convert these document files
> into phpdoc format, and update them in the manual too.
> 
> James
> --
> James Cox :: [EMAIL PROTECTED] :: Landonize It! http://landonize.it/
> Was I helpful?  http://www.amazon.co.uk/exec/obidos/wishlist/23IVGHQ61RJGO/
> 


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Make php-cvs@ read-only

[Stefan Roehrich]

On 2002-03-11 23:28:36, Rasmus Lerdorf wrote:
> It seems to work quite nicely for most.  Having the mailing list software
> remove a user's ability to control where replies go is even nastier.  Add

Yes, in general I'm against adding forced Reply-To headers by mailing
list software, too (having read "Reply-To" Munging Considered
Harmful). But normal posts to php-cvs are automatically generated cvs
commit messages, so how about adding the reply-to header to them only?
This wouldn't hurt anyone who really wants to post to php-cvs and it
would lead the discussions of the cvs commits to php-dev.

  Stefan

-- 
Stefan Röhrich   [EMAIL PROTECTED], [EMAIL PROTECTED]
 http://www.roehri.ch/~sr/

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] ZLib (double free) bug

[Andrey Hristov]

Yeap. :(( the RH RPM is 1.1.3-25.7

 ftp://updates.redhat.com/7.2/en/os/i386/zlib-1.1.3 -25.7.i386.rpm

Andrey

- Original Message -
From: "Stefan Roehrich" <[EMAIL PROTECTED]>
To: "Andrey Hristov" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, March 12, 2002 11:46 AM
Subject: Re: [PHP-DEV] ZLib (double free) bug


> On 2002-03-12 10:50:43, Andrey Hristov wrote:
> > What about implementing in build process check for the version of
> > the zlib library. If <=1.1.3 to give error message that >=1.1.4 is
> > needed. 1.1.4 is at :
>
> I already thought about that, but there are people or even whole linux
> distributions (e.g. Debian), who are patching their zlib libraries
> without using the whole 1.1.4, so their zlib version stays at 1.1.3,
> but without the bug.
>
> So we would to really test for this double free error, we can't rely
> on the zlib version, if we don't want to break php build for this
> platforms. But I think using this double free bug would be a little
> bit of overkill for a configure script ...
>
>   Stefan
>
> --
> Stefan Röhrich   [EMAIL PROTECTED], [EMAIL PROTECTED]
>  http://www.roehri.ch/~sr/
>
> --
> PHP Development Mailing List 
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] ZLib (double free) bug

[Stefan Roehrich]

On 2002-03-12 10:50:43, Andrey Hristov wrote:
> What about implementing in build process check for the version of
> the zlib library. If <=1.1.3 to give error message that >=1.1.4 is
> needed. 1.1.4 is at :

I already thought about that, but there are people or even whole linux
distributions (e.g. Debian), who are patching their zlib libraries
without using the whole 1.1.4, so their zlib version stays at 1.1.3,
but without the bug.

So we would to really test for this double free error, we can't rely
on the zlib version, if we don't want to break php build for this
platforms. But I think using this double free bug would be a little
bit of overkill for a configure script ...

  Stefan

-- 
Stefan Röhrich   [EMAIL PROTECTED], [EMAIL PROTECTED]
 http://www.roehri.ch/~sr/

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] the dl() issue

[Stanislav Malyshev]

MK>> For them, digging into the guts of the system, installing PHP
MK>> extensions there and modifying obscure, Apple-supplied configuration
MK>> files is MUCH, MUCH more frightening than just downloading a php
MK>> extension, dropping it into the Sites folder in their home directory,
MK>> and calling dl("extension.bundle"); in their PHP scripts.

Might the solution be in the form of some 'auto-load extension folder'? 
I.e., folder in which all extensions found there are loaded automatically?

-- 
Stanislav Malyshev, Zend Products Engineer   
[EMAIL PROTECTED]  http://www.zend.com/ +972-3-6139665 ext.115



-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] the dl() issue

[Zeev Suraski]

At 10:43 AM 3/12/2002, Shane Caraveo wrote:
> > The stability issue is fairly obvious (you're much more likely to screw up
> > in a multithreaded environment if you load/unload libraries like hell, than
> > you are if you load them once, process-wide;  this affects both code in PHP
> > and code in the libraries themselves).
>
>That has nothing to do with dynamically loading modules at runtime.

It has lots to do with that.

>First, the modules should not be unloaded until php is unloaded.

Then you're not talking about dl(), because dl()'d modules get unloaded at 
the end of the request.

We can, relatively easily, add an administrative way of loading modules, 
server-wide and without being able to unload them.  This will not, however, 
be anything that's remotely equivalent to dl(), and does not address your 
(IMHO unexplained) requirement to 'load different modules for different 
parts of the site'.  It's basically the same as loading them in php.ini, 
but not doing it in php.ini.  I can't find a very good reason for doing 
that (other than the unexplained hatred towards php.ini :).  The 
performance and stability problems that affect dl() will not affect this 
feature, but the security implications will.

>Arbitrary code?  extension_dir defines where you can load from, and you
>can only load dll's that exist within that.

Security is a relative term.  There's no absolute security, and there are a 
zillion different degrees of security.  By adding dl(), you degrade PHP's 
level of security because you bring the danger closer.  With dl(), all the 
user has to do in order to exploit your server is figure out a way to put 
exploit code in a certain directory, and voila.  Without it - he has no way 
of loading executable code into the server, no matter what.  From a 
security perspective, there's no question that adding it degrades security, 
the only question is how much.

>   Additionally, the dl
>loading
>code looks for specific exports to even be able to load the dll.

Well, they're quite easy to implement.

>  The
>only security issue is if the administrator puts arbitrary dll's into
>the path defined by extension_dir.  The really paranoid can disable the
>function in php.ini.  If you're worried about security issues with dl,
>we should all be much more fearful of the COM, Corba and .Net
>extensions.

COM, Corba and .NET give you accessibility to objects that are already 
installed on the system, with whatever permissions and policies that are 
enforced by their installation.  dl() gives you a way of doing all sorts of 
nasty things within the web server.  I don't pretend to know what can be 
done using dl(), as I don't spend my days trying to figure out exploits.  I 
know that it's bad security wise, and to say the least, it doesn't sound 
unreasonable that it's exploitable.

>I just find it more than slightly sad that PHP cannot dynamicly load
>extensions when Perl, Python, and other script languages don't have
>problems with this, and are in fact designed to do it that way to begin
>with.  I think it's very short sighted to not have this ability.

Neither Python nor Perl were designed as server plugins, definitely not 
multithreaded server plugins.  IMHO adding dl() to PHP in the first place, 
a-la Perl, was short-sighted because it really doesn't fit a server 
plugin.  It wasn't too evident while we were using Apache/1.x under UNIX, 
but with PHP 4 and the multithreaded support it became much 
clearer.  Getting dl() to work in a multithreaded environment is probably 
just a few days' work, but I see this in the opposite way from you - I 
think it would be short sighted to support it.  The sooner we deprecate it, 
the better, and effectively, dl() has been dead under Windows for a very, 
very long time, with very little complaints.

>   But
>I'm not going to waste any more of my time on it.

Good :)

Zeev


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] ZLib (double free) bug

[Andrey Hristov]

What about implementing in build process check for the version of the zlib library. If 
<=1.1.3 to give error message that >=1.1.4 is
needed. 1.1.4 is at : ftp://ftp.info-zip.org/pub/infozip/zlib/zlib-1.1.4.tar.gz

Best regards,
Andrey Hristov


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] the dl() issue

[Shane Caraveo]

Zeev Suraski wrote:
> 
> Shane,
> 
> Please read the archives - the performance issue was well covered.

I read the archives, and spent a lot of time looking for more than I
found.

> The stability issue is fairly obvious (you're much more likely to screw up
> in a multithreaded environment if you load/unload libraries like hell, than
> you are if you load them once, process-wide;  this affects both code in PHP
> and code in the libraries themselves).  

That has nothing to do with dynamically loading modules at runtime. 
First, the modules should not be unloaded until php is unloaded. 
Otherwise you certainly would have performance issues, and plenty of
management issues.  Second, if the code in the libraries themselves is
effected, that simply points to problems in the library, or in the way
php handles modules.  (And that is what I am trying to get to the root
of.)

> The security issue is fairly
> obvious as well - by definition, if you let users load arbitrary code in
> runtime, from within a script, you're begging for trouble.  Of course, if
> PHP was a fort it wouldn't have been a problem but you know it is not.

Arbitrary code?  extension_dir defines where you can load from, and you
can only load dll's that exist within that.  Additionally, the dl
loading
code looks for specific exports to even be able to load the dll.  The
only security issue is if the administrator puts arbitrary dll's into
the path defined by extension_dir.  The really paranoid can disable the
function in php.ini.  If you're worried about security issues with dl,
we should all be much more fearful of the COM, Corba and .Net
extensions.

> There's nothing theoretical about these drawbacks, they're very
> concrete.  On the other hand, I can only find theoretical advantages to
> using dl() (or for that matter, not using php.ini);  You said you don't
> like it, but there's really nothing wrong with it).

I just find it more than slightly sad that PHP cannot dynamicly load
extensions when Perl, Python, and other script languages don't have
problems with this, and are in fact designed to do it that way to begin
with.  I think it's very short sighted to not have this ability.  But
I'm not going to waste any more of my time on it.

Shane

-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Text files in /php4

[derick]

Hello,

I marked the documents I think they should be in the manual, and not as a 
text file in the source. IMO as much as possible documentation should be 
available in _one place_: the manual.

On Tue, 12 Mar 2002, James Cox wrote:

> /php4/
> NEWS
> CREDITS
> INSTALL
> LICENSE
> TODO.BUILDv5
> TODO
> EXTENSIONS   
> php.ini-dist
> php.ini-recommended
> 
> /php4/docs/
> README.Zeus > README.ZEUS  
> README.SELF-CONTAINED-EXTENSIONS   
> README.CVS-RULES
> README.TESTING 
> README.EXTENSIONS  
> README.PARAMETER_PARSING_API   
> README.STREAMS 
> README.QNX 
> README.EXT_SKEL
> RELEASE_PROCESS
> CODING_STANDARDS   
> apidoc-zend.txt > APIDOC_ZEND  
> apidoc.txt> APIDOC 
> ChangeLog.1999.gz
> ChangeLog.2001.gz
> ChangeLog.2000.gz
> 

Derick

--
  PHP: Scripting the Web - [EMAIL PROTECTED]
All your branches are belong to me!
SRM: Site Resource Manager - www.vl-srm.net
---


-- 
PHP Development Mailing List 
To unsubscribe, visit: http://www.php.net/unsub.php