Hi!
Working on unserialize edge case patches backporting, I've discovered
that object_properties_load() function crashes if the properties array
contains non-string keys (which can happen on unserialize). Now, I can
fix the crash, but I can fix it in two ways:
1. Ignore such keys (i.e. such proper
Hi,
On Sep 2, 2015 12:31 PM, "Davey Shafik" wrote:
>
> Hi,
>
> I've been poking around at HTTP/2 a lot lately, and it seems that so long
> as you are using libcurl 7.43.0+ it's possible to do request multiplexing.
>
> This change simply introduces three constants, CURLPIPE_NOTHING (0),
> CURLPIPE
Hi,
I've been poking around at HTTP/2 a lot lately, and it seems that so long
as you are using libcurl 7.43.0+ it's possible to do request multiplexing.
This change simply introduces three constants, CURLPIPE_NOTHING (0),
CURLPIPE_HTTP1 (1), and CURLPIPE_MULTIPLEX (2) which represent possible
val
Hi Stas,
There are many fixes regarding unserialize.
We also had many fixes regarding type mismatches.
I suppose many 3rd party modules have same issues.
How about have a doc for secure PHP internal coding?
--
Yasuo Ohgaki
yohg...@ohgaki.net
On Wed, Sep 2, 2015 at 5:55 AM, Stanislav Malyshev
Hi!
I've recently committed a number of fixes to 5.x branch. These fixes
mainly concern (un)serialization scenarios, you can see the full list in
5.4/5.5 NEWS. These changes are not merged yet to master/7.0 since due
to extensive differences between 5.x and 7 in zval handling, they
basically must
Hi Scott,
On Mon, Aug 31, 2015 at 10:56 PM, Scott Arciszewski
wrote:
>
>
> At the risk of sounding silly, can we just use random_bytes()? :)
>
>
This is about internal calls in OpenSSL so we would have to register our
RAND methods. That can be however problematic with potential using of
engine AP
Hi Anatol
On Mon, Aug 31, 2015 at 10:16 PM, Anatol Belski
wrote:
>
> >
> > > > There also is an another thing for TS Win build (probably question
> > > > for
> > > Anatol and
> > > > Pierre :) ). The thing is that EVP_SealInit uses internally
> RAND_bytes.
> > > IIRC there is
> > > > some locking
On 01/09/2015 10:29, Craig Francis wrote:
Personally I still like the idea of an exists(), because I feel that is how
many programmers treat and use the isset() function - simply because they do
use NULL as a valid value, and either haven't read the manual, or forget the
exception that is ment
Anthony Ferrara wrote on 01/09/2015 06:53:
function partial(callable $cb) {
return $left ~> $right ~> $cb($left, $right);
}
The thing that is most unreadable to me in this is the associativity.
Someone from, say, a Haskell background might be used to mentally
grouping X -> Y -> Z into a
On 01/09/15 07:51, Stanislav Malyshev wrote:
>> function partial(callable $cb) {
>> > return $left ~> $right ~> $cb($left, $right);
>> > }
> It looks very pretty as the ASCII art, and no entry-level programmer
> would have any idea at all what these arrows actually do and how this
> thing is su
On 01/09/15 10:29, Craig Francis wrote:
> Personally I still like the idea of an exists(), because I feel that is how
> many programmers treat and use the isset() function - simply because they do
> use NULL as a valid value, and either haven't read the manual, or forget the
> exception that is
Hi Bob,
> I had this RFC in draft since some time, but delayed it due to all the
> ongoing PHP 7 discussions. Also we have no master branch to merge features in
> until 5.4 EOL. Thus I'm reviving this now.
>
> Time for the first RFC targeting PHP 7.1 (assuming PHP 8 isn't going to be
> the next
On Mon, 31 Aug 2015, Bob Weinand wrote:
> I had this RFC in draft since some time, but delayed it due to all the
> ongoing PHP 7 discussions. Also we have no master branch to merge features in
> until 5.4 EOL. Thus I'm reviving this now.
>
> Time for the first RFC targeting PHP 7.1 (assuming PH
On Tue, Sep 1, 2015 at 5:29 AM, Craig Francis wrote:
> Hi Rowan, Ryan, James, Bishop, Stas, Lester,
>
> I've been giving this some thought over the weekend, and I agree with what
> you are all saying, but I think there is an element of confusion in the PHP
> programming community that needs to b
Wiki account: allenjb
I wish to submit an RFC for my notice on array-access on non-arrays pull
request.
Draft RFC: https://gist.github.com/AllenJB/793d54a86ac182ef61f5
PR: https://github.com/php/php-src/pull/1269
Thanks in advance,
AllenJB
--
PHP Internals - PHP Runtime Development Mailing
Hi Rowan, Ryan, James, Bishop, Stas, Lester,
I've been giving this some thought over the weekend, and I agree with what you
are all saying, but I think there is an element of confusion in the PHP
programming community that needs to be addressed (somehow).
Yes, we probably should not be giving s
On Tue, Sep 1, 2015 at 10:45 AM, Tony Marston wrote:
>
> This argument is irrelevant for several reasons:
> (1) I am not familiar with any of those languages, nor are many PHP users.
> (2) Just because other languages have such a feature is not a good reason
> for adding it into PHP.
> (3) Introdu
Dear all,
Just to throw in my 2 cents as a userland developer: having multiple
ways to write the same thing isnt always right, but does have
advantages. (i.e. the [] shorthand is gaining alot of popularity as
already noted) (and might even force array() into deprecation imho)
But it does also add
On Tue, Sep 1, 2015 at 10:44 AM, Anthony Ferrara wrote:
>> I'm not sure about the "auto using" of all variables though; wouldnt
>> it be possible to statically check for the used variables and only
>> import what's needed, for performance reasons?
>
> That's precisely what's happening. Not all var
On Mon, Aug 31, 2015 at 10:31 PM, Ben Scholzen 'DASPRiD'
wrote:
> Hello,
>
> I've written up an RFC for supporting generic classes and methods in PHP,
> and I'd love to hear your thoughts about it.
>
> https://wiki.php.net/rfc/generics
>
> Cheers,
> --
> Ben Scholzen 'DASPRiD'
> Community Review T
Results for project php-src-nightly, build date 2015-09-01 05:00:00+03:00
commit: 66770f9c37e3821582b02f77867bf09141e59a51
revision_date: 2015-09-01 03:15:50+03:00
environment:Haswell-EP
cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping
2, LLC 45 MB
"Yasuo Ohgaki" wrote in message
news:caga2bxzpud0j86d-vlsc+fukhzrjk_3qu_5afkg0bm+de7x...@mail.gmail.com...
Hi Anthony and Bob,
On Tue, Sep 1, 2015 at 2:53 PM, Anthony Ferrara
wrote:
Most programming languages today have a "short form" closure or lambda
syntax
HackLang: ($x) ==> $x + 1;
C+
Pavel
On Tue, Sep 1, 2015 at 4:32 AM, Pavel Kouřil wrote:
> On Mon, Aug 31, 2015 at 9:29 PM, Bob Weinand wrote:
>> I had this RFC in draft since some time, but delayed it due to all the
>> ongoing PHP 7 discussions. Also we have no master branch to merge features
>> in until 5.4 EOL. Thus I'm
On Mon, Aug 31, 2015 at 9:29 PM, Bob Weinand wrote:
> I had this RFC in draft since some time, but delayed it due to all the
> ongoing PHP 7 discussions. Also we have no master branch to merge features in
> until 5.4 EOL. Thus I'm reviving this now.
>
> Time for the first RFC targeting PHP 7.1 (
On Tue, Sep 1, 2015 at 9:36 AM, Yasuo Ohgaki wrote:
> Hi Anthony and Bob,
>
> On Tue, Sep 1, 2015 at 2:53 PM, Anthony Ferrara
> wrote:
> > Most programming languages today have a "short form" closure or lambda
> syntax
> >
> > HackLang: ($x) ==> $x + 1;
> > C++: [](int x) -> int { return x + 1;
Hi Anthony and Bob,
On Tue, Sep 1, 2015 at 2:53 PM, Anthony Ferrara wrote:
> Most programming languages today have a "short form" closure or lambda syntax
>
> HackLang: ($x) ==> $x + 1;
> C++: [](int x) -> int { return x + 1; }
> Java: (int x) -> x + 1;
> Python: lambda x: x+1
> Ruby: lambda |x|
2015. aug. 31. 21:29 ezt írta ("Bob Weinand" ):
>
> I had this RFC in draft since some time, but delayed it due to all the
ongoing PHP 7 discussions. Also we have no master branch to merge features
in until 5.4 EOL. Thus I'm reviving this now.
>
> Time for the first RFC targeting PHP 7.1 (assuming
Hey:
On Tue, Sep 1, 2015 at 2:51 PM, Stanislav Malyshev wrote:
> Hi!
>
>> I agree that at first it will feel a little bit weird, especially
>> given that PHP in general lacks syntactic sugar (we still don't have a
>> short-hand to initialize stdclass objects). We introduced [] back in
>> 5.4, and
28 matches
Mail list logo
