Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:43936
Return-Path: <ilia@prohost.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 24046 invoked from network); 14 May 2009 17:26:42 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 May 2009 17:26:42 -0000
Authentication-Results: pb1.pair.com header.from=ilia@prohost.org; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=ilia@prohost.org; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain prohost.org from 209.85.219.166 cause and error)
X-PHP-List-Original-Sender: ilia@prohost.org
X-Host-Fingerprint: 209.85.219.166 mail-ew0-f166.google.com  
Received: from [209.85.219.166] ([209.85.219.166:53999] helo=mail-ew0-f166.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id AB/67-27038-0545C0A4 for <internals@lists.php.net>; Thu, 14 May 2009 13:26:41 -0400
Received: by ewy10 with SMTP id 10so1785055ewy.23
        for <internals@lists.php.net>; Thu, 14 May 2009 10:26:38 -0700 (PDT)
Received: by 10.216.11.82 with SMTP id 60mr966321wew.36.1242321997699;
        Thu, 14 May 2009 10:26:37 -0700 (PDT)
Received: from ?192.168.1.169? (TOROON63-1176059019.sdsl.bell.ca [70.25.60.139])
        by mx.google.com with ESMTPS id x6sm559675gvf.9.2009.05.14.10.26.35
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Thu, 14 May 2009 10:26:36 -0700 (PDT)
Cc: PHP internals <internals@lists.php.net>
Message-ID: <DADA350C-E1CA-4162-BBC3-95C665C14A3D@prohost.org>
To: Andrei Zmievski <andrei@gravitonic.com>
In-Reply-To: <4A0C4D97.3090307@gravitonic.com>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v935.3)
Date: Thu, 14 May 2009 13:26:32 -0400
References: <4A0C4D97.3090307@gravitonic.com>
X-Mailer: Apple Mail (2.935.3)
Subject: Re: [PHP-DEV] Request decoding in PHP 6 [patch]
From: ilia@prohost.org (Ilia Alshanetsky)

Andrei,

For you point #7 regarding the session extension. Perhaps we should  
make a simple API allowing extensions to register callbacks to execute  
on input data. Once request encoding is set, the callbacks can be ran  
for GPC input allow extensions (not just session) to do their input  
processing in a safe manner. We can even take it a step further and  
make it secondary to ext/filter processing, for some security bits.


Ilia Alshanetsky




On 14-May-09, at 12:57 PM, Andrei Zmievski wrote:

> Request decoding is one of a few remaining pieces of the Unicode  
> puzzle. The proposed solution was outlined in a blog post [1] I  
> wrote a while back. There has been no movement on this front pretty  
> much since then, but now that 5.3 is wrapping up I want to put some  
> momentum behind PHP 6. Towards that, I have been working on a patch  
> that implements the request decoding functionality. The patch [2]  
> and the notes [3] are linked to below. This is not a final effort by  
> any means, but I believe the patch is solid and the rest can be done  
> in a similar manner. Right now, it implements only $_POST, $_GET,  
> $_FILES, and $_REQUEST decoding. Deciding how to handle $_COOKIES is  
> the next step, which is mentioned in the notes. Please take a look  
> and comment.
>
> -Andrei
>
> [1] http://gravitonic.com/2007/02/php-6-and-request-decoding
> [2] http://gravitonic.com/dump/request_decoding.patch
> [3] http://gravitonic.com/dump/request_decoding.txt
>
>
> -- 
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>