ID: 27372 Comment by: alexandre at alapetite dot remove dot net Reported By: php-bug-NOSPAM-2004 at ryandesign dot com Status: Verified Bug Type: *General Issues Operating System: * PHP Version: 4CVS, 5CVS (2004-04-07) New Comment:
Gary Keith has already (2004-10-02) kindly modified his browscap.ini in order to prevent a specific crash about the Nutch browser. But the browscap parser should anyway include a security: when one assign a parent to the same parent in browscap.ini, there is an infinite loop that should be prevented. Example in browscap.ini: [Nutch] parent=Nutch Then in a PHP script: $browser=get_browser('Nutch'); Effect: Infinite loop that takes 100% CPU forever. Previous Comments: ------------------------------------------------------------------------ [2004-08-31 21:22:34] [EMAIL PROTECTED] I posted this on internals but I should probably add it to the bug report, too... A patch for this against HEAD is available at http://bugs.tutorbuddy.com/download.php/browscap.patch.tar.gz It contains the new parser (which goes into ext/standard) and updates to the makefiles for *ix and win32. I've tested the patch on linux and win2k, and I'd like to commit to HEAD for inclusion in 5.1. Backporting to 5.0 would be nice, too, if possible. J ------------------------------------------------------------------------ [2004-02-26 18:32:25] php_bug_27372 at garykeith dot com Hi, Derick. Since there are so many people still using very early versions of 4.3.x I know it will be a very long time before everyone upgrades to 5.* and that means I'll be stuck in the same untenable situation I'm in right now for a very long time. Kindly remove the link to my website from your documentation page. It's not fair to your users to refer them to a browscap.ini file that does not work in PHP. ~gary. ------------------------------------------------------------------------ [2004-02-26 16:37:33] [EMAIL PROTECTED] Hey, there will be no back-port to PHP 4.3, as it involves writing a whole new parser, which is simply something that should not go into a bug-fix only branch (and it is also very unlikely that there will be a 4.3.6 anyway). Now, for PHP 5 that is obviously not a problem and we'll have to write a new parser for it, which is not an easy task, and that takes time too. I can't not guarantee in which time frame that happens though. Derick ------------------------------------------------------------------------ [2004-02-26 16:27:16] php_bug_27372 at garykeith dot com Sniper, I see you deleted my messages again. And you still have not replied to the e-mail I sent you days ago. That's why I'm posting this here instead of via e-mail. It seems to be the only way to reach you. Ryan and Jay have been hard at work on fixing the problems with get_browser(). They made use of my 23,000 user agents database and with a couple of exceptions their mods made get_browser() work perfectly. The exceptions seem related to the ini parser that get_browser() apparently shares with other parts of PHP. Anyway, I have already toned down the anti-PHP rhetoric on my website because of the hard work these two guys have been doing and was ready to make some temporary changes to my browscap.ini file to accommodate PHP. But first I want some assurance from someone on the PHP team that this parser issue will be addressed, soon. I'd like to see it worked into version 5 and then maybe backported to to the 4.3 branch. Is this something you can help me with? If you'd prefer to contact me via e-mail and delete this message that's fine with me. ~gary. ------------------------------------------------------------------------ [2004-02-26 15:39:37] php-bug-NOSPAM-2004 at ryandesign dot com There's also a user agent with "check&get" in its name. While this does not cause a parser error, PHP fills its name into the array as "0" instead of its actual name. I suspect this is also related to the special way ini files are currently handled, and that it doesn't like the "&" char in the user agent string, and that this should be addressed at the same time as the "!" issue. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/27372 -- Edit this bug report at http://bugs.php.net/?id=27372&edit=1