[PHP-DEV] Bug #12432 Updated: not valid mysql ressource

ID: 12432 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Old Status: Closed Status: Open Bug Type: MySQL related Operating System: GNU Linux PHP Version: 4.0.6 New Comment: The eMail system is not working correctly, there is some more sourcecode in my message, please watch it

[PHP-DEV] Bug #12461: browser hangs unless I uncheck keep alives in IIS5.0

From: [EMAIL PROTECTED] Operating system: win2k PHP version: 4.0.6 PHP Bug Type: Any Bug description: browser hangs unless I uncheck keep alives in IIS5.0 Upgraded from PHP4.04pl to PHP4.06 and now the browsers are hanging. I am writing an application with php and mysql on w

[PHP-DEV] Bug #12335 Updated: mail() function returns false but the email was sent.

ID: 12335 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Old Status: Feedback Status: Open Bug Type: Mail related Operating System: Sun Solaris 2.6 PHP Version: 4.0.6 New Comment: This was a misunderstanding. I have the problems with version 4.0.6. But this machine is not on

Re: [PHP-DEV] Coding standards (layout)

For those of you who aren't sure where the heck those space-after-comma and the other rules are coming from, that's the K&R coding standard, which is the coding standard for the php4 repository. One other rule that's really not followed is [3]: [3] Be generous with whitespace and braces. Al

Re: [PHP-DEV] Security techniques

At 21:23 29/07/2001, Stephen van Egmond wrote: >Zeev Suraski ([EMAIL PROTECTED]) wrote: > > > At 12:04 29/07/2001, Stephen van Egmond wrote: > > >2. when a uploaded file fails is_uploaded_file(). > > > > My English parser bailed out on this one :) > >How's your PHP parser doing? :) > >foreach $f (

Re: [PHP-DEV] Security Issues - a bit of my experience

At 21:34 29/07/2001, Stephen van Egmond wrote: >Zeev Suraski ([EMAIL PROTECTED]) wrote: > > - register_globals=on leads to insecure code, which was demonstrated time > > and time again in the past. > > - Once it's off, we're going to provide methods of accessing variables > > which are just as eas

Re: [PHP-DEV] Security Issues - a bit of my experience

> I was trying to step back a bit and identify some of the patterns in > the attacks identified in the paper. One extremely popular pattern was > spoofing variables by overwriting them: GET variables overwriting > POST, usually, and I suggested that some SAPI stunt be pulled to catch > that. Tha

Re: [PHP-DEV] Security Issues - a bit of my experience

Zeev Suraski ([EMAIL PROTECTED]) wrote: > - register_globals=on leads to insecure code, which was demonstrated time > and time again in the past. > - Once it's off, we're going to provide methods of accessing variables > which are just as easy, and quite easier in case you access them from > fu

Re: [PHP-DEV] Security techniques

Zeev Suraski ([EMAIL PROTECTED]) wrote: > At 12:04 29/07/2001, Stephen van Egmond wrote: > >2. when a uploaded file fails is_uploaded_file(). > > My English parser bailed out on this one :) How's your PHP parser doing? :) foreach $f ($HTTP_POST_FILES) { if (!is_uploaded_file($f)) {

[PHP-DEV] Coding standards (layout)

Guys, Please follow the coding standards as they appear in the CODING_STANDARDS with code you commit to the PHP repository. Stuff I noticed while going over large portions of code in the last few days: - open-curly-braces should not appear on the same line as a function declaration, but on t

Re: [PHP-DEV] Object Overloading Interface

At 02:40 29/07/2001, Sterling Hughes wrote: > Ahh well, I guess I'll have to commit it before the changes and then > expect Zeev and Andi to fix it :) We have no plans to fix those, because they'd require complete rewrites :) Zeev -- PHP Development Mailing List

Re: [PHP-DEV] Object Overloading Interface

It will be completely different, I'm afraid. Whatever API code's gluing your low level code to the engine, will have to be completely rewritten, but it'd be a much simpler and easy to write for API. At 23:03 28/07/2001, Sterling Hughes wrote: > g'day, > > I'm just sending a message to

Re: [PHP-DEV] Security techniques

At 12:04 29/07/2001, Stephen van Egmond wrote: >2. when a uploaded file fails is_uploaded_file(). My English parser bailed out on this one :) >I felt bad when I saw is_uploaded_file() introduced - it is such a >cheezy function call; people shouldn't even have to call it themselves, >and I ca

Re: [PHP-DEV] Security Issues

Generally I agree, except I don't think we should go as far as changing the theme of PHP. Putting form variables into a different space would be the simplest and equally secure way to do the trick. At 08:32 26/07/2001, [EMAIL PROTECTED] wrote: >Hi Zeev! >On Thu, 26 Jul 2001, Zeev Suraski wrote

Re: [PHP-DEV] Security Issues - a bit of my experience

What you ignored completely are three facts: - register_globals=on leads to insecure code, which was demonstrated time and time again in the past. - Once it's off, we're going to provide methods of accessing variables which are just as easy, and quite easier in case you access them from functio

[PHP-DEV] Bug #12209 Updated: apxs not creating libphp4.so during 'make install'

ID: 12209 Updated by: avsm Reported By: [EMAIL PROTECTED] Old Status: Open Status: Feedback Bug Type: Apache related Operating System: OpenBSD 2.9 PHP Version: 4.0.6 Previous Comments: [2001-07-17 11:52:05] [EMAIL PROTECTE

[PHP-DEV] Bug #12209 Updated: apxs not creating libphp4.so during 'make install'

ID: 12209 Updated by: avsm Reported By: [EMAIL PROTECTED] Status: Open Bug Type: Apache related Operating System: OpenBSD 2.9 PHP Version: 4.0.6 New Comment: Try using the port of PHP4, as detailed in: http://www.php.net/manual/en/install.openbsd.php Previous Comments: -

[PHP-DEV] Re: Bug #12166 Updated: SQL_CUR_DEFAULT constant not defined in php_odbc.dll

> ID: 12166 > Updated by: kalowsky > Reported By: [EMAIL PROTECTED] > Old Status: Open > Status: Feedback > Bug Type: ODBC related > Operating System: Windows ME > PHP Version: 4.0.6 > New Comment: > > > Which docs are you referring to? The ODBC docs for PHP? The ODBC v3 docs? > The ODBC v3.5

[PHP-DEV] JAVA support.

Hello.I instantiated new class [ eg.  ]. I got blank response, and that child of Apache died.  Is this a bug that I should report?  or I'm missing somthing here?   Any expert please give me some suggestions.For Apache error log, [Fri Jul 27 17:40:01 2001] [notice] child pid 48040 exit

[PHP-DEV] php+apache2 anyone?

Anyone got an Apache2 running (which one) with PHP (which one) ? thx ciao -- teodor -- PHP Development Mailing List To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP-DEV] Bug #12460: ZLIBG(v) redefined in ext/zlib/php_zlib.h

From: [EMAIL PROTECTED] Operating system: SuSE 7.1 PHP version: 4.0CVS-2001-07-29 PHP Bug Type: Compile Failure Bug description: ZLIBG(v) redefined in ext/zlib/php_zlib.h In file included from zlib.c:48: php_zlib.h:74: warning: `ZLIBG' redefined php_zlib.h:73: warning:

[PHP-DEV] Bug #12457 Updated: Mail()

ID: 12457 Updated by: mfischer Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: PHP options/info functions Operating System: Widnows 98 PHP Version: 4.0.6 New Comment: Yes, you can call it whereever you want. Btw, such questions are best asked at [EMAIL PROTECTED] Prev

Re: [PHP-DEV] Chora installed

Alexander Merz wrote: > > > > I'm completely open to better solutions, but haven't actually be able to > > > find any. We _could_ start browser sniffing I guess. > > My experience is that you have to make fonts slightly bigger for > > Netscape 4.x on X11 and Opera. > It would not be simpler to a

Re: [PHP-DEV] Object Overloading Interface

On Mon, 30 Jul 2001, Stig S. Bakken wrote: > Sterling Hughes wrote: > > > > g'day, > > > > I'm just sending a message to check how different the OO overloading > > interface will be in the Zend Engine 2? I'm currently writing an > > extension which uses the current overloading st

Re: [PHP-DEV] Object Overloading Interface

Sterling Hughes wrote: > > g'day, > > I'm just sending a message to check how different the OO overloading > interface will be in the Zend Engine 2? I'm currently writing an > extension which uses the current overloading stuff, how different > will the new stuff be? will th

[PHP-DEV] Bug #12455 Updated: Srand and shuffle give odd results

ID: 12455 User updated by: [EMAIL PROTECTED] Reported By: [EMAIL PROTECTED] Status: Open Bug Type: *Math Functions Operating System: SunOS 5.8 (Solaris) PHP Version: 4.0.4pl1 New Comment: Well, when I run that code I get 4, not 500. Upping the number of iterations doesn't help. I think the prob

[PHP-DEV] Bug #12403 Updated: VARIANT.c : error C2065 'CP_SYMBOL' : undeclared identifier

ID: 12403 Updated by: phanto Reported By: [EMAIL PROTECTED] Old Status: Open Status: Closed Bug Type: COM related Operating System: NT 4 PHP Version: 4.0.6 New Comment: forgot to close Previous Comments: [2001-07-29 16:16:

[PHP-DEV] Bug #12403 Updated: VARIANT.c : error C2065 'CP_SYMBOL' : undeclared identifier

ID: 12403 Updated by: phanto Reported By: [EMAIL PROTECTED] Status: Open Bug Type: COM related Operating System: NT 4 PHP Version: 4.0.6 New Comment: simply comment them out for now, it doesn't matter. you only won't have these constants defined in your php build (but you can't use them on your

[PHP-DEV] CVS Account Request

Full name: Halil Sen Email: [EMAIL PROTECTED] ID:halilsen Purpose: Maintaining www.php.net, Developing the PHP runtime -- PHP Development Mailing List To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact th

Re: [PHP-DEV] crontab support for PHP

Stig S. Bakken ([EMAIL PROTECTED]) wrote: > Uhm, why not simply run PHP scripts from cron? Or did you want > something inside a web server environment? I personally have been looking for something similar. AOLServer has this facility: http://www.aolserver.com/docs/tcldev/tapi-114.htm a

Re: [PHP-DEV] Proposal

Rasmus Lerdorf ([EMAIL PROTECTED]) wrote: > How to get there... > > For 4.0.7: > > - We leave all default configuration settings as they are now. > - We add $_GET, $_POST, $_COOKIE, $_ENV, $_SERVER and perhaps make them >super-globals like $GLOBALS +1 > - We add a new function, somewhat

[PHP-DEV] Bug #12457: Mail()

From: [EMAIL PROTECTED] Operating system: Widnows 98 PHP version: 4.0.6 PHP Bug Type: PHP options/info functions Bug description: Mail() I want to know , if the function mail() it can be placed in the middle of the page. Without being placed in the beginning, before the --

Re: [PHP-DEV] Security techniques

Quoting Rasmus Lerdorf <[EMAIL PROTECTED]>: > As long as it works with all browsers, which as far as I can tell it does, > then it doesn't really concern me that some servers don't support it. > Apache will definitely always support this. Yup - I haven't found a browser that has problems with it

Re: [PHP-DEV] Security techniques

> > Huh? I use this all the time in my apps. There is absolutely nothing > > wrong with having both GET and POST method variables at the same time. > > Disallowing this would break almost every app I have ever written. > > Well, it works fine with Apache, and probably some other servers, but it

Re: [PHP-DEV] Security techniques

Quoting Rasmus Lerdorf <[EMAIL PROTECTED]>: > Huh? I use this all the time in my apps. There is absolutely nothing > wrong with having both GET and POST method variables at the same time. > Disallowing this would break almost every app I have ever written. Well, it works fine with Apache, and

Re: [PHP-DEV] Security techniques

> Have PHP reject (fail to process, die, whatever) a hit that is > anomalous. Definitions of anomalous: > > 1. GET variables set while METHOD != GET > > i.e. > > ... > Huh? I use this all the time in my apps. There is absolutely nothing wrong with having both GET and POST

[PHP-DEV] Security techniques

I was going to reply to Phil Driscoll's post (from Friday) about E_SECURITY warning level, but thought it might belong better in a different thread. This thread is for collecting some ideas for security enhancements that can happen in PHP, besides the already-known register_globals. My idea:

Re: [PHP-DEV] Security Issues (backward fix)

Hi Ron! On Sat, 28 Jul 2001, Ron Chmara wrote: > On Saturday, July 28, 2001, at 12:52 PM, Zeev Suraski wrote: > > At 06:01 28/07/2001, Phil Driscoll wrote: > >> I and no doubt thousands of others will turn > >> register_globals on because it gives much more readable code, > >> much less > >> t

Re: [PHP-DEV] Security Issues

Hi Zeev! On Thu, 26 Jul 2001, Zeev Suraski wrote: > At 02:18 26/07/2001, Ron Chmara wrote: > >> If most of the PHP apps out there are or were vulnerable to > >> register_globals=on attacks, we can't (shouldn't) blame the whole world, > >> but fix the language instead. > > > >I'd suggest fixin

Re: [PHP-DEV] Bug #12453: comparing 0=="null" is true?

Hi btanner! On Sun, 29 Jul 2001, [EMAIL PROTECTED] wrote: > From: [EMAIL PROTECTED] > Operating system: Win2k > PHP version: 4.0.6 > PHP Bug Type: Scripting Engine problem > Bug description: comparing 0=="null" is true? > > If you compare the integer(0) to the string "null"

Re: [PHP-DEV] function basename()

Hi Marcus! On Thu, 26 Jul 2001, Marcus wrote: > shouldn't the function basename() return only the > script part and not the query part? I guess basename() is a filesistem function, and hence it doesn't make sense to care about `query string' cause in the file systems there are no such things. I

Re: [PHP-DEV] Security Issues (isset stuff)

Hi Phil! On Sat, 28 Jul 2001, Phil Driscoll wrote: > > That's not going to find half, or a quarter, or whatever of the problems, > > since PHP has tools to cleanly handle undefined variables - namely isset() > > and empty(). They, or at least isset(), are quite popular. > > I always use somethi

Re: [PHP-DEV] Bug #12456: PHP does not compile with --with-apxs2

On 29 Jul 2001, [EMAIL PROTECTED] wrote: > From: [EMAIL PROTECTED] > Operating system: Linux Slackware 8.0 > PHP version: 4.0.6 > PHP Bug Type: Compile Failure > Bug description: PHP does not compile with --with-apxs2 > > > Apache 2.0.16 was configured with --enable-so

Re: [PHP-DEV] Security Issues - a bit of my experience

Rasmus Lerdorf ([EMAIL PROTECTED]) wrote: > Think about whether in each of these cases it would have happened if the > developers of the app had developed with E_NOTICE on. In a high number of > these cases it probably wouldn't. And if this number is close to 100%, > then it would point to the f

[PHP-DEV] Bug #12455 Updated: Srand and shuffle give odd results

ID: 12455 Updated by: rasmus Reported By: [EMAIL PROTECTED] Status: Open Bug Type: *Math Functions Operating System: SunOS 5.8 (Solaris) PHP Version: 4.0.4pl1 New Comment: I don't think I understand what the problem is here. I tested your code with the following: This always returns 500

[PHP-DEV] Object Overloading Interface

g'day, I'm just sending a message to check how different the OO overloading interface will be in the Zend Engine 2? I'm currently writing an extension which uses the current overloading stuff, how different will the new stuff be? will there be some level of backwards com

[PHP-DEV] CVS Account Request

Full name: Serdar Soydemir Email: [EMAIL PROTECTED] ID:tpug Purpose: I am one of the council-members of Turkiye PHP Users Group, www.php.org.tr. We are planning to work on Turkish translation of PHP Manual. If no one/team is assigned on this work, we want to create a new Turkish tr

[PHP-DEV] Latest thread safety patch

Howdy, Just been going through the latest thread safety patch and I was wondering why the EXT* macro's have been deleted in favor of directly passing the zend_*_globals *name (take a look at OCI8 for more of what I'm talking about). -Sterling -- PHP Development Mailing

[PHP-DEV] How is a Syntax Highlight editor made ?

Hello ... It shouldn't be so difficult to make a simple text exitor like Notepad but how to make it have a syntax hightlight ability ? Is there any document dealing with how to make such aditor for PHP or for any other language ? Thanks in advance ...(and sorry if this is not the right place

Re: [PHP-DEV] Security Issues

At 10:27 29/07/2001, Phil Driscoll wrote: >On Sunday 29 July 2001 17:35, Zeev Suraski wrote: > > *sigh* :) As I said numerous times, PHP gives you standard clean ways to > > test your variables without generating E_NOTICE's, namely, isset() (very > > popular) and empty() (less popular, but availa

Re: [PHP-DEV] Security Issues

On Sunday 29 July 2001 17:35, Zeev Suraski wrote: > *sigh* :) As I said numerous times, PHP gives you standard clean ways to > test your variables without generating E_NOTICE's, namely, isset() (very > popular) and empty() (less popular, but available all the same). There's a > good, fairly darn

Re: [PHP-DEV] Re: Proposal

Note again that we should not see this change for what it isn't - it *is* going to be a painful move for those who actually do it. The reason for this is that register_globals=on silently encouraged writing of faulty code. In turn, this means that people would have to go over their code in o

Re: [PHP-DEV] Proposal

At 00:27 29/07/2001, Heikki Korpela wrote: >On Sat, 28 Jul 2001, Rasmus Lerdorf wrote: > > > // And perhaps some globbing: > > // Import any variable with abc in its name from anywhere. > > // Could alternatively use SQL-style or perhaps real regex > > // expressions here altho

Re: [PHP-DEV] Proposal

At 00:48 29/07/2001, Rasmus Lerdorf wrote: > > I'm against a global function like this, but in favour of the 2nd flavour, > > where you have to explicitly pass a list of variable names to import. > >Actually, I mostly had something like: import_globals("ES") in mind for >the import all variety. I

Re: [PHP-DEV] Security Issues

At 01:04 29/07/2001, Phil Driscoll wrote: >On Saturday 28 July 2001 20:52, Zeev Suraski wrote: > >a rebuf to each of my arguments :) > >Rather than prolong the agony, my point is that in all the cases where a >malicious user has the chance to inject a dodgy variable, the code must >normally have a

[PHP-DEV] Bug #12456: PHP does not compile with --with-apxs2

From: [EMAIL PROTECTED] Operating system: Linux Slackware 8.0 PHP version: 4.0.6 PHP Bug Type: Compile Failure Bug description: PHP does not compile with --with-apxs2 Apache 2.0.16 was configured with --enable-so PHP was configured with --with-mysql=/path/to/mysql --wi

Re: [PHP-DEV] Chora installed

> > I'm completely open to better solutions, but haven't actually be able to > > find any. We _could_ start browser sniffing I guess. > My experience is that you have to make fonts slightly bigger for > Netscape 4.x on X11 and Opera. It would not be simpler to avoid the use of font-size? -- PH

Re: [PHP-DEV] crontab support for PHP

> Max Landborn wrote: > > > > Hello everyone! > > > > I'm new to this list, therefore I do not know if you have discussed this > > matter before. I'm interested in something like crontab for PHP. This should > > be plattform independent and easy to maintain. I have a few ideas of how to > > implem

Re: [PHP-DEV] PHP logfile of PHP variables and scripts

Alex Vincent wrote: > > One thing I've been thinking about recently is a desire for PHP to > provide a function whereby PHP scripts can log incoming variables (such > as $HTTP_POST_VARS) and the PHP scripts which process them. Such a > function can prove very useful in knowing what a particular

Re: [PHP-DEV] crontab support for PHP

Max Landborn wrote: > > Hello everyone! > > I'm new to this list, therefore I do not know if you have discussed this > matter before. I'm interested in something like crontab for PHP. This should > be plattform independent and easy to maintain. I have a few ideas of how to > implement it even th

[PHP-DEV] Artikel 'Startseite' per E-Mail

Guten Tag, vom Rechner 217.1.142.1 hat jemand Ihnen folgende Seite geschickt: http://phpcenter.de/index.php3 Title: PHP-Center - Startseite   Suche:  Seite verschickenQuickref  deen   Inhalt

[PHP-DEV] Re: Proposal

I like this proposal a LOT! See, what I and a few of my friends have recently been doing is starting to teach PHP to website owners. And they have all been taking to it VERY WELL!!! (Actually Rasmus, you may remember this. You were interviewed by TDavid of Scriptschool about 8 months or so ago

[PHP-DEV] crontab support for PHP

Hello everyone! I'm new to this list, therefore I do not know if you have discussed this matter before. I'm interested in something like crontab for PHP. This should be plattform independent and easy to maintain. I have a few ideas of how to implement it even though I'm rather new to PHP. I'm do

[PHP-DEV] Bug #12455: Srand and shuffle give odd results

From: [EMAIL PROTECTED] Operating system: SunOS 5.8 (Solaris) PHP version: 4.0.4pl1 PHP Bug Type: *Math Functions Bug description: Srand and shuffle give odd results I'm using the following code to create random strings (passwords): $password = ""; $array = array('a'

[PHP-DEV] Bug #12454: Static references are transient inside methods

From: [EMAIL PROTECTED] Operating system: Linux PHP version: 4.0.6 PHP Bug Type: Variables related Bug description: Static references are transient inside methods Another unfortunate bug with references appears to be that statics holding references inside methods are actuall

Re: [PHP-DEV] Bug #12450: Segfaults if recode is loaded after mysqlor imap

On Sun, 29 Jul 2001, Heikki Korpela wrote: > with mysql first in loaded modules, but crash when recode is loaded first. I specified these the wrong way around. Sorry. :-) Recode first works ok, mysql first doesn't. // / Furthe

Re: [PHP-DEV] Bug #12450: Segfaults if recode is loaded after mysqlor imap

On 28 Jul 2001 [EMAIL PROTECTED] wrote: > Recode versions tested: 3.5d, 3.6. > PHP versions tested: 4.0.6. I'd like to add Apache 1.3.19 on OpenBSD-current (i386) with PHP 4.0.6, recode 3.6 and mysql 3.23.40 (non-bundled) to platforms affected. Recode and MySQL work just fine (i.e., they are act

Re: [PHP-DEV] Proposal

On Sunday 29 July 2001 07:57, Zeev Suraski wrote: > I'm against a global function like this, but in favour of the 2nd flavour, > where you have to explicitly pass a list of variable names to import. I > also think that it should only support prefix globbing, other types of > globbing are prone to

Re: [PHP-DEV] Security Issues

On Saturday 28 July 2001 20:52, Zeev Suraski wrote: a rebuf to each of my arguments :) Rather than prolong the agony, my point is that in all the cases where a malicious user has the chance to inject a dodgy variable, the code must normally have a logic path which allows the code to pass throu

Re: [PHP-DEV] Proposal

> I'm against a global function like this, but in favour of the 2nd flavour, > where you have to explicitly pass a list of variable names to import. Actually, I mostly had something like: import_globals("ES") in mind for the import all variety. Importing all server and environment variables when

Re: [PHP-DEV] Proposal

On Sat, 28 Jul 2001, Rasmus Lerdorf wrote: > // And perhaps some globbing: > // Import any variable with abc in its name from anywhere. > // Could alternatively use SQL-style or perhaps real regex > // expressions here although I think full regex support would be > // sli