Re: [PHP-DEV] crypt() should raise error without 2nd parameter

Hi Hannes, On Thu, Aug 8, 2013 at 1:22 PM, Hannes Magnusson wrote: > On Wed, Aug 7, 2013 at 6:20 PM, Yasuo Ohgaki wrote: > > Hi all, > > > > It seems there are 2 options for master branch when crypt()'s 2nd > parameter > > is omitted. > > > > - raise E_DEPRECIATED that advice use of stronger s

Re: [PHP-DEV] VCS Account Request: requinix

\o/ I've approved your request, which means you have full karma on bugs.php.net and wiki.php.net. If you login on https://master.php.net/manage/users.php?username=requinix you'll also be able to approve events in our event calendar, and when you browse php.net manual pages you'll be able to edit/

[PHP-DEV] Re: VCS Account Request: requinix

VCS Account Approved: requinix approved by bjori \o/ -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] crypt() should raise error without 2nd parameter

On Wed, Aug 7, 2013 at 6:20 PM, Yasuo Ohgaki wrote: > Hi all, > > It seems there are 2 options for master branch when crypt()'s 2nd parameter > is omitted. > > - raise E_DEPRECIATED that advice use of stronger salt or password_hash() >and make 2nd parameter required for future release. >

Re: [PHP-DEV] RFC: constructor argument promotion

On Wed, Aug 7, 2013 at 12:47 PM, Sean Cannella wrote: > Everyone - > > Hi! Since this is my first post to this list, I'll introduce myself: > I'm an engineer who has been working on HipHop VM in New York for the last > half year or so after a long time working at Microsoft on business software >

Re: [PHP-DEV] VCS Account Request: requinix

On Wed, Aug 7, 2013 at 10:29 PM, Damian Wadley wrote: > I like how all the \"why I need a Git account\" reasons above > are copied verbatim from the list of reasons one *doesn\'t* need a Git > account :) > > Well, you passed the first test.

[PHP-DEV] VCS Account Request: requinix

I like how all the \"why I need a Git account\" reasons above are copied verbatim from the list of reasons one *doesn\'t* need a Git account :) Primary reason would be helping with tickets in the bug tracker, but since a lot of bug reports are about the documentation I\'ll surely be more active

Re: [PHP-DEV] "php_serialize" session serialize handler

Hi Stas, On Thu, Aug 8, 2013 at 11:11 AM, Yasuo Ohgaki wrote: > On Thu, Aug 8, 2013 at 11:03 AM, Stas Malyshev wrote: > >> > Removing unneeded limitations, rather than forcing them to users, is >> user >> > friendly and the way to go. IMHO. >> >> If we wrote it from scratch, sure. But if we alre

[PHP-DEV] Re: requinix php.net account?

(replying from a dedicated php@ email address that I've wanted to make for a while but never got around to doing) Introduce myself... Hi. I'm Damian. I'm on the US west coast, been using PHP for many years despite forays into C#/.NET, and am employed as a web developer. I spend most of my time on

Re: [PHP-DEV] "php_serialize" session serialize handler

Hi Stas, On Thu, Aug 8, 2013 at 11:03 AM, Stas Malyshev wrote: > > Removing unneeded limitations, rather than forcing them to users, is user > > friendly and the way to go. IMHO. > > If we wrote it from scratch, sure. But if we already have existing and > working one, having people to deal with m

Re: [PHP-DEV] "php_serialize" session serialize handler

Hi! > Removing unneeded limitations, rather than forcing them to users, is user > friendly and the way to go. IMHO. If we wrote it from scratch, sure. But if we already have existing and working one, having people to deal with migrating data and incompatibilities that arise IMHO is not worth the

Re: [PHP-DEV] "php_serialize" session serialize handler

Hi Stas On Thu, Aug 8, 2013 at 10:03 AM, Stas Malyshev wrote: > > Personally, I would not use numeric index. > > However, users are expecting it to work and there is no way to raise > > I don't think it is reasonable to expect it to work, it never worked, it > never was documented to work and the

Re: [PHP-DEV] RFC: constructor argument promotion

Hi! > In that case, __get() would not be called, since the property is defined > on the class, just not in a traditional way. This behavior is not > unprecedented however, as implicitly created public properties follow the > same pattern: The code doing it is actually pretty explicit - you can s

Re: [PHP-DEV] crypt() should raise error without 2nd parameter

Hi all, It seems there are 2 options for master branch when crypt()'s 2nd parameter is omitted. - raise E_DEPRECIATED that advice use of stronger salt or password_hash() and make 2nd parameter required for future release. - make crypt() use stronger default salt/hash w/o error Since pas

Re: [PHP-DEV] RFC: constructor argument promotion

Hi! > Type hints continue to work as is: > > class Foo { > public function __construct(public stdClass $foo, protected array $bar = > null) {} > } This is both very confusing syntax (since this would be only place in a language where public and type name can be mixed in the same construct) and

Re: [PHP-DEV] "php_serialize" session serialize handler

Hi! > Personally, I would not use numeric index. > However, users are expecting it to work and there is no way to raise I don't think it is reasonable to expect it to work, it never worked, it never was documented to work and there's no real use case for it. > The limitation is come from regist

Re: [PHP-DEV] RFC: constructor argument promotion

Hi Lars, >thanks for the RFC. Two other questions additionally to what Stas askes: > > - What about class type hints and array type hints? Type hints continue to work as is: class Foo { public function __construct(public stdClass $foo, protected array $bar = null) {} } > - If type hints ar

Re: [PHP-DEV] RFC: constructor argument promotion

Hi Stas, >> https://wiki.php.net/rfc/constructor-promotion > >1. From the first glance, it doesn't seem clear how this syntax would >interact with magic methods - i.e., if you have __get, would access to >$make call it? If not, it's rather un-intuitive since the property is >not defined in the c

Re: [PHP-DEV] "php_serialize" session serialize handler

Hi Stas, On Thu, Aug 8, 2013 at 5:34 AM, Stas Malyshev wrote: > Why is it useful to do this? I don't see how using numerical indexes in > global namespace (and SESSION is one of global namespaces in PHP) is a > good idea. Could you explain the use case here? > Personally, I would not use numeric

[PHP-DEV] requinix php.net account?

Hi requinix, recently I've seen your mail address more often in the bug tracker providing useful comments helping users and developers triaging bugs. Would you be interested in quickly introducing yourself and registering for an account on http://www.php.net/git-php.php so you can close/assign/cat

Re: [PHP-DEV] RFC: constructor argument promotion

Hi Sean, thanks for the RFC. Two other questions additionally to what Stas askes: - What about class type hints and array type hints? - If type hints are possible, doesn’t it look too much as real property type hinting? cu, Lars Am 07.08.2013 um 21:47 schrieb Sean Cannella : > Everyone - >

Re: [PHP-DEV] SPL Binary Tree, Graph

Hello Levi and core devs, I think it's better not to invent a wheel but rather extract best practices from time proved projects such as Gremlin, http://erldocs.com/R15B/stdlib/digraph.html looks not bad as well. Definitely there are a lot of bright minds among PHP core developers and PHP communit

Re: [PHP-DEV] "php_serialize" session serialize handler

Hi! > Current session module has a few limitations due to "register_globals" > support which is now obsolete. One of them is numeric key indexed session > data. i.e. $_SESSION[1] = $var is not allowed now and it raises error at > R_SHUTDOWN with useless message for debugging. Why is it useful to

Re: [PHP-DEV] crypt() should raise error without 2nd parameter

Hi! > A user requested that crypt() should raise error without 2nd(slat) > parameter. > > https://bugs.php.net/bug.php?id=55036 > > crypt() without salt generates extremely weak password hash. In addition to > this, I see that when I run crypt with one parameter, it generates salted password ha

Re: [PHP-DEV] RFC: constructor argument promotion

Hi! > https://wiki.php.net/rfc/constructor-promotion 1. From the first glance, it doesn't seem clear how this syntax would interact with magic methods - i.e., if you have __get, would access to $make call it? If not, it's rather un-intuitive since the property is not defined in the class but magi

[PHP-DEV] RFC: constructor argument promotion

Everyone - Hi! Since this is my first post to this list, I'll introduce myself: I'm an engineer who has been working on HipHop VM in New York for the last half year or so after a long time working at Microsoft on business software and services in multiple hemispheres. I wanted to get the PHP co

Re: [PHP-DEV] crypt() should raise error without 2nd parameter

Yasuo, Hi all, > > A user requested that crypt() should raise error without 2nd(slat) > parameter. > > https://bugs.php.net/bug.php?id=55036 > > crypt() without salt generates extremely weak password hash. In addition to > this, > PHP 5.5 has password_hash() > > This change should be applied from

Re: [PHP-DEV] crypt() should raise error without 2nd parameter

Hi Yasuo 2013/8/7 Yasuo Ohgaki : > Hi all, > > A user requested that crypt() should raise error without 2nd(slat) > parameter. > > https://bugs.php.net/bug.php?id=55036 > > crypt() without salt generates extremely weak password hash. In addition to > this, > PHP 5.5 has password_hash() > > This ch

Re: [PHP-DEV] crypt() should raise error without 2nd parameter

On 07/08/13 13:00, Leigh wrote: On 7 August 2013 11:18, Yasuo Ohgaki wrote: A user requested that crypt() should raise error without 2nd(slat) parameter. https://bugs.php.net/bug.php?id=55036 crypt() without salt generates extremely weak password hash. The docs seem to indicate that some i

Re: [PHP-DEV] crypt() should raise error without 2nd parameter

On 7 August 2013 11:18, Yasuo Ohgaki wrote: > A user requested that crypt() should raise error without 2nd(slat) > parameter. > > https://bugs.php.net/bug.php?id=55036 > > crypt() without salt generates extremely weak password hash. > The docs seem to indicate that some implementations generate

[PHP-DEV] crypt() should raise error without 2nd parameter

Hi all, A user requested that crypt() should raise error without 2nd(slat) parameter. https://bugs.php.net/bug.php?id=55036 crypt() without salt generates extremely weak password hash. In addition to this, PHP 5.5 has password_hash() This change should be applied from 5.5, IMHO. Any comments?

[PHP-DEV] Pull requests report (7/8/2013)

Merged requests (past 7 days): #214 First fixes for a 64bit compatible ftp extension #394 typofixes - non living code related typo fixes #399 Constify streams API and a fe

[PHP-DEV] "php_serialize" session serialize handler

Hi all, Current session module has a few limitations due to "register_globals" support which is now obsolete. One of them is numeric key indexed session data. i.e. $_SESSION[1] = $var is not allowed now and it raises error at R_SHUTDOWN with useless message for debugging. https://bugs.php.net/bug