Newsgroups: php.internals
Message-ID: <4CE23BFE.30403@zend.com>
Date: Tue, 16 Nov 2010 11:08:30 +0300
To: Rasmus Lerdorf
CC: Stas Malyshev, Andi Gutmans, internals
Subject: Re: [PHP-DEV] Adding path_len to all stream functions in trunk
From: dmitry@zend.com (Dmitry Stogov)

hi,

don't we have ext/filter that should check all the dangerous input strings?

It would be useless to perform additional checks for constant strings known at compile time (e.g. on include "foo.php")

Thanks. Dmitry.

Rasmus Lerdorf wrote:
> On 11/15/10 10:12 PM, Stas Malyshev wrote:
>> Hi!
>>
>>> Well, it changes the signature of that function, so while we don't break
>>> backward binary compatibility, we break forward compatibility within the
>>> 5.3 branch. As in, if I change my extension to use this new NoNull
>>> string flag, it will no longer work on <5.3.3 whereas if I do the
>>> if(strlen(filename) != filename_len) check, this will still work in all
>>> 5.3 releases.
>> So if you have such extension, and you need to have it compatible with
>> previous versions (e.g. PECL one), use the check. That doesn't prevent
>> us from having the flag in the core code and thus keeping it cleaner.
>
> It still worries me a bit. Distros love to separate core extensions
> into separate packages and if you update one of those without updating
> the core package, it will break. Hopefully they have hard dependencies
> so you can't install php-curl-5.3.4 on php-5.3.3, for example.
>
> -Rasmus
>
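
The `if(strlen(filename) != filename_len)` check quoted in the thread, worked through as an added C example (not code from this message or from the PHP source). It shows why a length-aware validation and a C path API can disagree about the same counted string. The function names and sample paths are constructed for illustration, and the example assumes the mismatch comes from a NUL byte inside the counted string.

```c
#include <stdio.h>
#include <string.h>

/* The check from the thread: strlen() stops at the first NUL, so it differs
 * from the counted length exactly when a NUL is embedded in the path. */
static int path_has_embedded_nul(const char *path, size_t path_len)
{
    return strlen(path) != path_len;
}

/* Length-aware suffix test: validation that looks at the whole counted buffer. */
static int ends_with(const char *path, size_t path_len, const char *suffix)
{
    size_t n = strlen(suffix);
    return path_len >= n && memcmp(path + path_len - n, suffix, n) == 0;
}

/* Hypothetical gatekeeper: 0 if the path may be handed to a C API, -1 if not. */
static int check_path(const char *path, size_t path_len, const char *suffix)
{
    if (path_has_embedded_nul(path, path_len))
        return -1;   /* a C API would see a shorter path than was validated */
    if (!ends_with(path, path_len, suffix))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: (buffer, counted length). */
    const char *ok = "avatar.png";      /* 10 bytes, no embedded NUL */
    const char *bad = "foo.php\0.png";  /* 12 bytes, NUL at offset 7 */

    printf("ok : suffix=%d nul=%d verdict=%d\n",
           ends_with(ok, 10, ".png"), path_has_embedded_nul(ok, 10),
           check_path(ok, 10, ".png"));
    /* The suffix test passes on all 12 bytes, but %s (like fopen) stops at
     * the NUL and sees only "foo.php"; the strlen check catches the gap. */
    printf("bad: suffix=%d nul=%d verdict=%d, C sees \"%s\"\n",
           ends_with(bad, 12, ".png"), path_has_embedded_nul(bad, 12),
           check_path(bad, 12, ".png"), bad);
    return 0;
}
```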