Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:115444 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 71944 invoked from network); 16 Jul 2021 19:59:59 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 16 Jul 2021 19:59:59 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 2D8FE1804AA for ; Fri, 16 Jul 2021 13:24:18 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 16 Jul 2021 13:24:14 -0700 (PDT) Received: by mail-pj1-f41.google.com with SMTP id jx7-20020a17090b46c7b02901757deaf2c8so7470699pjb.0 for ; Fri, 16 Jul 2021 13:24:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=eDSckvY4oSuZgi84Fp+OMCOeSpLmG473cU4j083mNo0=; b=JFCifxgoS77EJsY/TzcDwY5SjJjxShFOu7/Tq2ZluSwYqImyarWgLm4I9addYRMjua SIAUe9411a3wzC/Xgyr2OP/SGpSX5KnMxlcnjcro+ovSxBPXOV+yjzakpX4SeW0wTeRP MfUXwF1GyynjHgZcbi+7Y+6lyROyjKwGbhGj2mTchgSjiGWLyznAl9iNk5tr81q2YhXS y3INphRQVliLFDaDEo3Kf3B0xMizduQYon1WBuBlrQFq1Te65dyYOLXN5T6sNbZ80c2c 8Cgq2yG9n3H3EsMvXXWlsqmKh2lcoVlc1zYWYZANOSvTD/D553W88Rp7BxWhbjYyYafv Wfhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=eDSckvY4oSuZgi84Fp+OMCOeSpLmG473cU4j083mNo0=; b=cAbi5lDEZlbxvOC6pzuKzG+NnXSjYXrJQM/lrrk+R1xTLD4XftNoSw86/UJVQb4HN7 RUGEv5ZeXiMvev/wsEusHhN6M0kLgLRoNWTRMcCE8rs9x7cdV7wBbSwGsBS9mVqLjian KJOQFWyf7Xoh/+eePJXRCDw/DI6mU29VG+rzrS/xyGNMCl7EZpSxD2k1SxbsRfPE4iyk 4puBRyowBpCS371oHH7rsnDkK2z5MTZlCV9iEMMcCJvWOt0oqLYCWn7kqAZm0jDNi2Fs UihS/8s6NeS1uKQvvREBYVSz0abcRr945LtHw4UypP1Xr5ahqAPjppD3wPdIVzQa2dzQ 1OIw== X-Gm-Message-State: AOAM5339ld2QTRzY+LRs1ubMe9vB8b2lSrrsypnde6m2vdiueYerGHkA P7JtLegnszhoQ+i6ItUUASWEQogETMkjnXn9WLQXinNDUVI= X-Google-Smtp-Source: ABdhPJyyNsLF3tLG8x9TVf5YA7rBh3FF21c2cWtgRCHRRfV5iLhZypMnJtf9oV7U4EOjwwJiOlxzBIavHHdqaprCa3o= X-Received: by 2002:a17:902:7d83:b029:11d:75c2:79a6 with SMTP id a3-20020a1709027d83b029011d75c279a6mr9159227plm.62.1626467053174; Fri, 16 Jul 2021 13:24:13 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Fri, 16 Jul 2021 22:23:35 +0200 Message-ID: To: PHP internals Content-Type: multipart/alternative; boundary="000000000000f180fd05c7435e81" Subject: Re: [PHP-DEV] [RFC] [VOTE] is_literal From: divinity76@gmail.com (Hans Henrik Bergan) --000000000000f180fd05c7435e81 Content-Type: text/plain; charset="UTF-8" short of a bug in esc_like(), i don't even see the vulnerability issue in that code? that sanitize call looks like a data corruption issue and i bet it fails to search for binary data, but i don't see the critical vulnerability? --000000000000f180fd05c7435e81--