Re: [PHP-DEV] [RFC][VOTE] Session ID without hashing

2016-07-02 Thread Yasuo Ohgaki
Hi Leigh, On Sat, Jul 2, 2016 at 5:39 PM, Leigh wrote: > So I have a few issues that span the RFC and the implementation. > > Your RFC states > >> hardcoded default and php.ini-* default values are the same. > > This is not the case. > > Originally the session id length and

Re: [PHP-DEV] [RFC] Iterable

2016-07-02 Thread Stanislav Malyshev
Hi! > Generally when I've seen an object that did not implement Traversable > used with foreach it has been an error. The exception of course is > stdClass, particularly because of json_decode(). There was no > discussion on the list of allowing stdClass, but I did discuss it > with some people

Re: [PHP-DEV] [RFC] Iterable

2016-07-02 Thread Jeremy Mikola
On Saturday, July 2, 2016, Aaron Piotrowski wrote: > > > There was no discussion on the list of allowing stdClass, but I did discuss > it with some people in chat. Our consensus was that a casting to an array > was a reasonable and simple requirement to allow an instance of

Re: [PHP-DEV] [RFC] Iterable

2016-07-02 Thread Aaron Piotrowski
Hi Jeremy, > On Jun 30, 2016, at 3:01 PM, Jeremy Mikola wrote: > > Was there any discussion about a special allowance being made for stdClass? > > I've noted the is_iterable(new stdClass) example and ensuing "Object > Iteration" section: > > PHP allows any object to be

Re: [PHP-DEV] [RFC][Vote] Iterable

2016-07-02 Thread Pascal MARTIN, AFUP
Le 24/06/2016 à 20:05, Aaron Piotrowski a écrit : Voting on the Iterable RFC has opened and will remain open until 7/2/16 at 11:59 GMT. Hi, At AFUP, we would be a huge +1 for this RFC: it answers a need many of us have had in the past. Thanks for your work on this! -- Pascal MARTIN, AFUP

[PHP-DEV] About session.use_strict_mode=0 by default (was: Re: [PHP-DEV] [RFC][VOTE] Session ID without hashing)

2016-07-02 Thread Markus Fischer
Everytime I see a thread mentioning session.use_strict_mode I'm wondering why we haven't got around to enable it by default (by means of php.ini-development/php.ini-production ). Maybe someone can step forward and propose this change for the next version (not 7.1 ...)? It could be documented as

Re: [PHP-DEV] [RFC][VOTE] Session ID without hashing

2016-07-02 Thread Leigh
Actually decided to post so On Sat, 2 Jul 2016 at 09:16 Leigh wrote: > On Sat, 2 Jul 2016 at 08:36 Yasuo Ohgaki wrote: > >> Hi all, >> >> Currently session module uses obsolete MD5 for session ID. With >> CSPRNG, hashing is redundant and needless. It adds

Re: [PHP-DEV] [RFC][VOTE] Session ID without hashing

2016-07-02 Thread Leigh
On Sat, 2 Jul 2016 at 08:36 Yasuo Ohgaki wrote: > Hi all, > > Currently session module uses obsolete MD5 for session ID. With > CSPRNG, hashing is redundant and needless. It adds hash module > dependency and inefficient (There is no reason to use hash for CSPRNG > generated

[PHP-DEV] [RFC][VOTE] Session ID without hashing

2016-07-02 Thread Yasuo Ohgaki
Hi all, Currently session module uses obsolete MD5 for session ID. With CSPRNG, hashing is redundant and needless. It adds hash module dependency and inefficient (There is no reason to use hash for CSPRNG generated bytes). This proposal cleans up session code by removing hash.