Newsgroups: php.internals
Date: Thu, 6 May 2010 10:11:53 +0200
Subject: Re: [PHP-DEV] Autoboxing in PHP
From: tyra3l@gmail.com (Ferenc Kovacs)
To: Mark Skilbeck
Cc: internals@lists.php.net

Maybe this one?
http://www.php-security.org/2010/05/03/mops-2010-006-php-addcslashes-interruption-information-leak-vulnerability/index.html

Tyrael

On Wed, May 5, 2010 at 1:26 PM, Mark Skilbeck wrote:

> What exploits are there for __toString()? Just wondering.
>
> On 05/05/2010 07:50, Dmitry Stogov wrote:
>
>> Hi Moriyoshi,
>>
>> I took just a quick look through the patch, but for me it looks like a
>> bad idea. Introducing a new magic function may bring a lot of trouble and
>> open a new door for exploit writers (we already have problems with the
>> __toString() method). Also, I'm afraid this magic method will make php
>> slower even if scripts don't use this feature (at least the patch
>> disables code specialization for ZEND_INIT_METHOD_CALL) and make some
>> future type propagation optimizations non-applicable. At last the patch
>> introduces 18 new grammar conflicts and I think it's not acceptable.
>>
>> Thanks. Dmitry.