Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:43939
Return-Path: <andrei@gravitonic.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 28706 invoked from network); 14 May 2009 17:41:40 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 14 May 2009 17:41:40 -0000
Authentication-Results: pb1.pair.com header.from=andrei@gravitonic.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=andrei@gravitonic.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain gravitonic.com from 209.85.200.174 cause and error)
X-PHP-List-Original-Sender: andrei@gravitonic.com
X-Host-Fingerprint: 209.85.200.174 wf-out-1314.google.com  
Received: from [209.85.200.174] ([209.85.200.174:62899] helo=wf-out-1314.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E3/68-27038-3D75C0A4 for <internals@lists.php.net>; Thu, 14 May 2009 13:41:39 -0400
Received: by wf-out-1314.google.com with SMTP id 28so788976wfc.26
        for <internals@lists.php.net>; Thu, 14 May 2009 10:41:37 -0700 (PDT)
Received: by 10.142.14.18 with SMTP id 18mr814453wfn.215.1242322896899;
        Thu, 14 May 2009 10:41:36 -0700 (PDT)
Received: from barley.local (64-71-7-198.static.wiline.com [64.71.7.198])
        by mx.google.com with ESMTPS id 30sm537069wff.29.2009.05.14.10.41.34
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Thu, 14 May 2009 10:41:35 -0700 (PDT)
Message-ID: <4A0C57CD.4030306@gravitonic.com>
Date: Thu, 14 May 2009 10:41:33 -0700
User-Agent: Thunderbird 2.0.0.6 (Macintosh/20070807)
MIME-Version: 1.0
To: Ilia Alshanetsky <ilia@prohost.org>
CC: PHP internals <internals@lists.php.net>
References: <4A0C4D97.3090307@gravitonic.com> <DADA350C-E1CA-4162-BBC3-95C665C14A3D@prohost.org>
In-Reply-To: <DADA350C-E1CA-4162-BBC3-95C665C14A3D@prohost.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Request decoding in PHP 6 [patch]
From: andrei@gravitonic.com (Andrei Zmievski)

Ilia Alshanetsky wrote:
> Andrei,
> 
> For you point #7 regarding the session extension. Perhaps we should make 
> a simple API allowing extensions to register callbacks to execute on 
> input data. Once request encoding is set, the callbacks can be ran for 
> GPC input allow extensions (not just session) to do their input 
> processing in a safe manner. We can even take it a step further and make 
> it secondary to ext/filter processing, for some security bits.

This is a good idea. However, we still have the issue of extensions needing some data from 
the request before $_POST or $_GET are ever mentioned in the script, since the decoding is 
done only at that time.

-Andrei