Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:48220 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 14675 invoked from network); 5 May 2010 11:27:22 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 May 2010 11:27:22 -0000 X-Host-Fingerprint: 86.143.13.43 host86-143-13-43.range86-143.btcentralplus.com Received: from [86.143.13.43] ([86.143.13.43:6524] helo=localhost.localdomain) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 34/00-14333-F0651EB4 for ; Wed, 05 May 2010 07:27:11 -0400 Message-ID: <34.00.14333.F0651EB4@pb1.pair.com> To: internals@lists.php.net Date: Wed, 05 May 2010 12:26:59 +0100 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4 MIME-Version: 1.0 References: <4BE11518.4020506@zend.com> In-Reply-To: <4BE11518.4020506@zend.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Posted-By: 86.143.13.43 Subject: Re: [PHP-DEV] Autoboxing in PHP From: markskilbeck@gmail.com (Mark Skilbeck) What exploits are there for __toString()? Just wondering. On 05/05/2010 07:50, Dmitry Stogov wrote: > Hi Moriyoshi, > > I took just a quick look through the patch, but for me it looks like a > bad idea. Introducing new magic function may bring a lot of troubles and > open a new door for exploit writer (we already have problems with > __toString() method). Also I afraid, this magic method will make php > slower even if scripts don't use this future (at least the patch > disables code specialization for ZEND_INIT_METHOD_CALL) and make some > future type propagation optimizations non-applicable. At last the patch > introduces 18 new grammar conflicts and I think it's not acceptable. > > Thanks. Dmitry.