Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:26330 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 5582 invoked by uid 1010); 4 Nov 2006 22:58:55 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 5567 invoked from network); 4 Nov 2006 22:58:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 4 Nov 2006 22:58:55 -0000 Authentication-Results: pb1.pair.com header.from=nlopess@php.net; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=nlopess@php.net; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain php.net from 212.55.154.22 cause and error) X-PHP-List-Original-Sender: nlopess@php.net X-Host-Fingerprint: 212.55.154.22 relay2.ptmail.sapo.pt Linux 2.4/2.6 Received: from [212.55.154.22] ([212.55.154.22:59567] helo=sapo.pt) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 03/EF-31937-E2B1D454 for ; Sat, 04 Nov 2006 17:58:54 -0500 Received: (qmail 17837 invoked from network); 4 Nov 2006 22:58:51 -0000 Received: from unknown (HELO sapo.pt) (10.134.35.209) by relay2 with SMTP; 4 Nov 2006 22:58:51 -0000 Received: (qmail 12067 invoked from network); 4 Nov 2006 22:58:51 -0000 X-AntiVirus: PTMail-AV 0.3-0.88.4 X-Virus-Status: Clean (0.02407 seconds) Received: from unknown (HELO pc07653) (nunoplopes@sapo.pt@[82.155.72.228]) (envelope-sender ) by mta14 (qmail-ldap-1.03) with SMTP for ; 4 Nov 2006 22:58:51 -0000 Message-ID: <000f01c70064$c989f660$0100a8c0@pc07653> To: "Stefan Esser" Cc: "Stanislav Malyshev" , "'PHP Internals'" , "Peter Brodersen" References: <454C5E50.4030108@zend.com> <002801c7005d$caf21610$0100a8c0@pc07653> <454D1410.6010700@hardened-php.net> Date: Sat, 4 Nov 2006 22:58:47 -0000 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 Subject: Re: [PHP-DEV] allow_url_include and php:/data: From: nlopess@php.net ("Nuno Lopes") > Nuno, > > there is a simple answer to your email: > > stick your anti Esser propaganda deep into some place noone is > interested in. I was already expecting this kind of answer from you, but you clearly don't know me. The previous e-mail wasn't a personal attack nor an attack to your business, nor I was doing any type of propaganda against you. I really appreciate your effort in researching new security problems in PHP itself and in its usage. I personally also like to analyze the PHP code when I have some free time as you do, which is a task that most developers doesn't usually like. > Before I posted about this, I brought this topic up MONTHS before PHP > 5.2 was released. Even before this patch made it into PHP 5.2 from PHP 6 > tree. I didn't know that, really. But in theory I'm also a PHP developer (although not very active) and I didn't receive any information about that. So, I don't know who knew that. But if the security team was aware of that, I present my excuses to you. > And now please die or just shut the fuck up. I am sick of morons like > you who believe they can attack me without knowing the facts. If people doesn't know the facts, just explain the things to them nicely. No violence is needed, IMHO. Nuno