Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:29005
Return-Path: <ceo@l-i-e.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 86917 invoked by uid 1010); 25 Apr 2007 00:29:18 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 86902 invoked from network); 25 Apr 2007 00:29:18 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 25 Apr 2007 00:29:18 -0000
Authentication-Results: pb1.pair.com header.from=ceo@l-i-e.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=ceo@l-i-e.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain l-i-e.com from 67.139.134.202 cause and error)
X-PHP-List-Original-Sender: ceo@l-i-e.com
X-Host-Fingerprint: 67.139.134.202 o2.hostbaby.com FreeBSD 4.7-5.2 (or MacOS X 10.2-10.3) (2)
Received: from [67.139.134.202] ([67.139.134.202:4335] helo=o2.hostbaby.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 08/FE-60955-DD0AE264 for <internals@lists.php.net>; Tue, 24 Apr 2007 20:29:18 -0400
Received: (qmail 29423 invoked by uid 98); 25 Apr 2007 00:29:19 -0000
Received: from 127.0.0.1 by o2.hostbaby.com (envelope-from <ceo@l-i-e.com>, uid 1013) with qmail-scanner-2.01 
 (clamdscan: 0.88.7/3154.  
 Clear:RC:1(127.0.0.1):. 
 Processed in 0.103305 secs); 25 Apr 2007 00:29:19 -0000
Received: from localhost (HELO l-i-e.com) (127.0.0.1)
  by localhost with SMTP; 25 Apr 2007 00:29:19 -0000
Received: from 216.230.84.67
        (SquirrelMail authenticated user ceo@l-i-e.com)
        by www.l-i-e.com with HTTP;
        Tue, 24 Apr 2007 19:29:19 -0500 (CDT)
Message-ID: <44756.216.230.84.67.1177460959.squirrel@www.l-i-e.com>
In-Reply-To: <462E2D6E.7080205@lerdorf.com>
References: <35.58.21560.7D6AD264@pb1.pair.com> <462DB34D.4080506@zend.com>
    <56.EF.60955.8A52E264@pb1.pair.com> <462E2989.4090908@zend.com>
    <40.81.60955.D9C2E264@pb1.pair.com> <462E2D6E.7080205@lerdorf.com>
Date: Tue, 24 Apr 2007 19:29:19 -0500 (CDT)
To: "Rasmus Lerdorf" <rasmus@lerdorf.com>
Cc: "Chris Malton" <chrism@cjsoftuk.dyndns.org>,
 internals@lists.php.net
Reply-To: ceo@l-i-e.com
User-Agent: Hostbaby Webmail
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Subject: Re: [PHP-DEV] Segfault in PHP 5.2.1
From: ceo@l-i-e.com ("Richard Lynch")

On Tue, April 24, 2007 11:16 am, Rasmus Lerdorf wrote:
> Chris Malton wrote:
>> // secure variables from outside
>> $modxtags = array('@<script[^>]*?>.*?</script>@si',
>>                   '@&#(\d+);@e',
>>                   '@\[\[(.*?)\]\]@si',
>>                   '@\[!(.*?)!\]@si',
>>                   '@\[\~(.*?)\~\]@si',
>>                   '@\[\((.*?)\)\]@si',
>>                   '@{{(.*?)}}@si',
>>                   '@\[\*(.*?)\*\]@si');
>> foreach($_POST as $key => $value) {
>>   $_POST[$key] = preg_replace($modxtags,"", $value);
>> }
>> foreach($_GET as $key => $value) {
>>   $_GET[$key] = preg_replace($modxtags,"", $value);
>> }
>
> I find this part funny.  I wonder what they think this is securing.

I was also amused by their setting of error_reporting to not have
E_NOTICE, which immediately disqualifies it for my use.

And then setting the display_errors as the second to last line in the
file...

If you're relying on the PHP script to change that kind of stuff, it
ought to be much much sooner in the file.

Like at the very top.

[shrug]

At any rate, an infinite loop attempting to re-connect to the
database, or, possibly, a CMS with so MANY queries that it looks like
an infinite loop of connecting to the database...

Still, it probably shouldn't segfault, eh?

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?