Re: [PHP-DEV] [RFC] orphan extensions cleanup

2016-08-17 Thread Stanislav Malyshev
Hi! > I've added myself to EXTENSIONS as PDO_OCI maintainer; can you take it > out of the RFC? Done, and thank you! -- Stas Malyshev smalys...@gmail.com

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Stanislav Malyshev
Hi! > Even when there is no JavaScript nor HTML5 forms, input validations > can be done. It's matter of definition of "valid inputs" for type="text" name="var" />. If page encoding is UTF-8, web browsers > must return response by UTF-8 encoding. (Unless other encoding is I think you're still mis

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Lester Caine
On 18/08/16 02:34, Stanislav Malyshev wrote: >> The input validation only reject invalid input. >> > >> > If you use plain for "date", then you should consider any valid >> > UTF-8 without CNTRL chars up to 100 char or so, not "MMDD". >> > (Assuming UTF-8 is the encoding) > But why? If I jus

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Yasuo Ohgaki
ts. And so on. If this kind of data is sent to apps, something like this message may be displayed "Invalid inputs are detected. This incident is reported to administrator to investigate the cause." and finish the page. > >> If your JavaScript date picker uses "MMDD" format

Re: [PHP-DEV] [RFC] orphan extensions cleanup

2016-08-17 Thread Lester Caine
On 18/08/16 01:02, Daniel Morris wrote: > both of those are likely more widely used by the > community than Interbase, Can you justify that statement! I'd add that PHP5.2/3 is more widely used than PHP7 ... And as already said it's not that we don't want to maintain it, it's that we have no one w

Re: [PHP-DEV] [RFC] orphan extensions cleanup

2016-08-17 Thread Christopher Jones
On 15/08/2016 6:17 PM, Kalle Sommer Nielsen wrote: Hi Stas 2016-08-15 7:53 GMT+02:00 Stanislav Malyshev : Hi! I'd like to propose an RFC to deal with extensions that currently have no maintainer: https://wiki.php.net/rfc/umaintained_extensions pdo_oci I have heard that maybe Oracle was

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Stanislav Malyshev
nt manner. > If your JavaScript date picker uses "MMDD" format (date like > 20160817) for a date, anything other than "MMDD" format is > attacker tampered inputs. You keep returning to Javascript. What I am asking you to consider is that we're not talkin

Re: [PHP-DEV] [RFC] orphan extensions cleanup

2016-08-17 Thread Daniel Morris
Interbase would be much better existing in PECL, since there is no interest in supporting it by internals. Couchbase and Cassandra both exist in PECL and both of those are likely more widely used by the community than Interbase, and both are also still maintained (with commits as recently as this m

Re: [PHP-DEV] [RFC] orphan extensions cleanup

2016-08-17 Thread Kalle Sommer Nielsen
Hi 2016-08-15 7:53 GMT+02:00 Stanislav Malyshev : > Please comment and discuss! What about adding the following: ext/dba ext/interbase ext/recode I tried to look for anything recode, but it seems far gone, although I did not do an extensive search for it. I'm unsure about the usage though, but I

[PHP-DEV] Re: [RFC] orphan extensions cleanup

2016-08-17 Thread Christoph M. Becker
Hi! On 15.08.2016 at 22:39, Stanislav Malyshev wrote: >> Maybe it would be better to first check the current status quo of >> maintainership, and after that taking care of the insufficiently >> maintained extensions. > > I think we can do both in parallel. I'll try to write the second RFC > soon

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Lester Caine
On 17/08/16 21:30, Yasuo Ohgaki wrote: >> We are on the same book, just coming at this from different ends. It's >> > that 'my_input_spec_def_for_this_file.php' which is the problem starting >> > with just where you get the set of rules from and not having a simple >> > beginner friendly method of

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Argon2 Password Hash

2016-08-17 Thread Tom Worster
On 8/17/16, 3:48 PM, "Charles R. Portwood II" wrote: >Hi everyone, > >I've spent the last week and a half playing around with various cost >factors on different virtual machines and hardware (including compiling >this down for armv6 and testing on a Pi Zero), and looking over the spec >a bit more

Re: [PHP-DEV] [RFC][VOTE] Add session_create_id() function

2016-08-17 Thread Pascal MARTIN, AFUP
On 10/08/2016 at 11:14, Yasuo Ohgaki wrote: Hi all, This is RFC for adding session_create_id() function. Hi again, Not that many of us at AFUP discussed this RFC (maybe it's because of the summer and holidays, or it's because not many of us need this?), but those who did all agree h

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Christoph M. Becker
On 17.08.2016 at 12:52, Lester Caine wrote: > On 17/08/16 10:36, Christoph M. Becker wrote: >> On 17.08.2016 at 10:58, Lester Caine wrote: >> ( and the javascript thing is more a case of upgrading PHP examples to use html5 validation by default ) > >> And thereby suggesting that HTML5 o

Re: [PHP-DEV] [RFC][VOTE] Add session_gc() function

2016-08-17 Thread Pascal MARTIN, AFUP
On 10/08/2016 at 11:30, Yasuo Ohgaki wrote: Hi all, This RFC is to add session_gc() function. Hi, We at AFUP would be +1 on this RFC to add a session_gc() function. Basically: there are some situations where it could be useful and it's a quite self-contained change. Thanks for your work o

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Yasuo Ohgaki
Hi Lester, On Wed, Aug 17, 2016 at 5:08 PM, Lester Caine wrote: > On 17/08/16 03:59, Yasuo Ohgaki wrote: >> > require_once('my_exception_error_handler.php'); > Actually load framework ... and that is the first can of worms? > >> require_once('my_input_spec_def_for_this_file.php'); > THIS is my st

Re: [PHP-DEV] Re: [RFC][DISCUSSION] Argon2 Password Hash

2016-08-17 Thread Charles R. Portwood II
On Sat, Aug 6, 2016 at 12:55 PM, Charles R. Portwood II < charlesportwoo...@erianna.com> wrote: > > > I think there's a bunch of ways we can tweak this. As there's no "bad" > values for any of these cost factors per the spec, it may just be easy to > set the costs even lower end user decide if they

Re: [PHP-DEV] ReflectionType::__toString() prepending \ to class names

2016-08-17 Thread Marco Pivetta
On Wed, Aug 17, 2016 at 7:17 PM, Aaron Piotrowski wrote: > > > On Aug 17, 2016, at 12:02 PM, Marco Pivetta wrote: > > > > That would have been a headache anyway. We saw it coming, and it will be > fixed on our end, but please don't try to outsmart it. > > I know that there is good intention on y

Re: [PHP-DEV] ReflectionType::__toString() prepending \ to class names

2016-08-17 Thread Aaron Piotrowski
> On Aug 17, 2016, at 12:02 PM, Marco Pivetta wrote: > > That would have been a headache anyway. We saw it coming, and it will be > fixed on our end, but please don't try to outsmart it. > I know that there is good intention on your side, but this is really going to > just make it an issue. L

Re: [PHP-DEV] ReflectionType::__toString() prepending \ to class names

2016-08-17 Thread Marco Pivetta
On Wed, Aug 17, 2016 at 6:55 PM, Aaron Piotrowski wrote: > > > On Aug 17, 2016, at 11:45 AM, Marco Pivetta wrote: > > > > Since scalar types are invalid anyway if prepended with `\`, I see no > point > > in producing a string with the `\` in it. > > > > The current consumers of `Type` assume no

Re: [PHP-DEV] ReflectionType::__toString() prepending \ to class names

2016-08-17 Thread Aaron Piotrowski
> On Aug 17, 2016, at 11:45 AM, Marco Pivetta wrote: > > Since scalar types are invalid anyway if prepended with `\`, I see no point > in producing a string with the `\` in it. > > The current consumers of `Type` assume no `\` is prepended, and we spent an > age and a half dealing with `\` bein

Re: [PHP-DEV] ReflectionType::__toString() prepending \ to class names

2016-08-17 Thread Marco Pivetta
Since scalar types are invalid anyway if prepended with `\`, I see no point in producing a string with the `\` in it. The current consumers of `Type` assume no `\` is prepended, and we spent an age and a half dealing with `\` being in front of class names in doctrine (and finally got rid of it).

Re: [PHP-DEV] ReflectionType::__toString() prepending \ to class names

2016-08-17 Thread Aaron Piotrowski
Marco, > On Aug 17, 2016, at 11:22 AM, Marco Pivetta > wrote: > > Sorry, I have to object here: this is quite a BC break for Zend\Code, > specifically. We will have to re-adjust the code generators to adapt to the > newly introduced prepended `\`. > > In addition to

Re: [PHP-DEV] ReflectionType::__toString() prepending \ to class names

2016-08-17 Thread Marco Pivetta
Sorry, I have to object here: this is quite a BC break for Zend\Code, specifically. We will have to re-adjust the code generators to adapt to the newly introduced prepended `\`. In addition to that, there is no need for `\` to be prepended to a type string, since inside string scope, we are always

[PHP-DEV] ReflectionType::__toString() prepending \ to class names

2016-08-17 Thread Aaron Piotrowski
Hi all, I recently made some changes [1] to ReflectionType::__toString() that prepends a leading \ to class names. These changes follow from the discussion on ReflectionType improvements [2, 3] and the discussion on my PR to implement some of the RFC [4]. A \ should be prepended to class names

[PHP-DEV] GOOD Benchmark Results for PHP Master 2016-08-17

2016-08-17 Thread lp_benchmark_robot
Results for project PHP master, build date 2016-08-17 06:22:41+03:00 commit: cf3a798 previous commit:befca6a revision date: 2016-08-17 01:44:58+02:00 environment:Haswell-EP cpu:Intel(R) Xeon(R) CPU E5-2699 v3 @ 2.30GHz 2x18 cores, stepping 2, LLC 45 MB

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Yasuo Ohgaki
t immediately > when incorrect input is detected. However, this is not the case, there > are many other ways for application to handle the situation of invalid > input - while knowing it is invalid - and exact manner of this handling > is application-dependent. If your JavaScript date pi

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Lester Caine
On 17/08/16 10:36, Christoph M. Becker wrote: > On 17.08.2016 at 10:58, Lester Caine wrote: > >> > ( and the javascript thing is more a case of upgrading PHP examples to >> > use html5 validation by default ) > And thereby suggesting that HTML5 or JavaScript validation reduces the > need to do pr

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Christoph M. Becker
On 17.08.2016 at 10:58, Lester Caine wrote: > ( and the javascript thing is more a case of upgrading PHP examples to > use html5 validation by default ) And thereby suggesting that HTML5 or JavaScript validation reduces the need to do proper input validation on the PHP side? No, please. -- Chr

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Tony Marston
"Yasuo Ohgaki" wrote in message news:caga2bxzjgggpjsvxqmdjmqvnptbucahazbwjrtbipsb-boh...@mail.gmail.com... Hi Tony, Allow me to top post. "The input validation" is not for legitimate users, but for attackers. You shouldn't help attackers by explaining what/how wrong in attackers' inputs. I

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Lester Caine
On 17/08/16 09:33, Stanislav Malyshev wrote: >> "Input validation" should reject all of them and does not have to inform >> users >> > (attackers) to "there is invalid input". If you need to tell legitimate >> > users > I think we disagree here. I think not doing this makes my work as a > devel

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Lester Caine
On 17/08/16 00:43, Yasuo Ohgaki wrote: > Allow me to top post. > > "The input validation" is not for legitimate users, but for attackers. > You shouldn't help attackers by explaining what/how wrong in attackers' > inputs. What is expected as 'post' data input is defined when building the page. T

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Stanislav Malyshev
Hi! > Let's say your app validate user written/chosen "Date" on client side by > JavaScript. Then browser must send whatever "Date" format you impose > to client. It may be "MMDD", for example. I'm not sure what Javascript has to do with it. Many apps don't have any client-side and have littl

Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter module

2016-08-17 Thread Lester Caine
On 17/08/16 03:59, Yasuo Ohgaki wrote: > require_once('my_exception_error_handler.php'); Actually load framework ... and that is the first can of worms? > require_once('my_input_spec_def_for_this_file.php'); THIS is my sticking point ... What it needs to load is the rules for all of fields that w