Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:15384
Return-Path: <john@coggeshall.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 51279 invoked by uid 1010); 11 Mar 2005 21:50:21 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 51234 invoked from network); 11 Mar 2005 21:50:20 -0000
Received: from unknown (HELO coggeshall.org) (127.0.0.1)
  by localhost with SMTP; 11 Mar 2005 21:50:20 -0000
X-Host-Fingerprint: 167.206.4.199 mta4.srv.hcvlny.cv.net NetCache Data OnTap 5.x
Received: from ([167.206.4.199:14874] helo=mta4.srv.hcvlny.cv.net)
	by pb1.pair.com (ecelerity HEAD r(5124)) with SMTP
	id 95/D5-31540-C9212324 for <internals@lists.php.net>; Fri, 11 Mar 2005 16:50:20 -0500
Received: from [192.168.1.2] (ool-44c7569b.dyn.optonline.net [68.199.86.155])
	by mta4.srv.hcvlny.cv.net
	(iPlanet Messaging Server 5.2 HotFix 1.25 (built Mar  3 2004))
	with ESMTP id <0ID700GI8JBS3Q@mta4.srv.hcvlny.cv.net> for
	internals@lists.php.net; Fri, 11 Mar 2005 16:50:16 -0500 (EST)
Date: Fri, 11 Mar 2005 16:49:50 -0500
In-reply-to: <20050311213710.GA29902@panix.com>
To: Daniel Convissor <danielc@analysisandsolutions.com>
Cc: PHP Internals List <internals@lists.php.net>
Reply-to: john@coggeshall.org
Message-ID: <1110577790.20051.1.camel@localhost.localdomain>
Organization: Coggeshall.org
MIME-version: 1.0
X-Mailer: Ximian Evolution 1.4.6
Content-type: text/plain
Content-transfer-encoding: 7BIT
References: <4231F330.6000705@prohost.org> <20050311212223.GA10370@panix.com>
	<42320D59.6010507@prohost.org> <20050311213710.GA29902@panix.com>
Subject: Re: [PHP-DEV] HALT Patch
From: john@coggeshall.org (John Coggeshall)

On Fri, 2005-03-11 at 16:37, Daniel Convissor wrote:
> Interesting.  I'm wondering about the security implications of this.  
> This makes it very easy to use PHP as a means to propogate all sorts of 
> nasty things.  Well, people could even do that today in one script by 
> setting a variable to a base64 encoded string then decoding it.  None the 
> less, putting binary data in PHP scripts gives me pause.

There is no issue here. You can throw binary data at the end of a PHP
script as it is now:

<?php 

   /* stuff */
   exit;
?>
<binary data here>


 -- the halt token only makes it so PHP doesn't waste time processing
something that doesn't need to be processed. 

John