Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:50300
Return-Path: <doctorrock83@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 52859 invoked from network); 17 Nov 2010 15:53:02 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Nov 2010 15:53:02 -0000
Authentication-Results: pb1.pair.com smtp.mail=doctorrock83@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=doctorrock83@gmail.com; sender-id=pass; domainkeys=bad
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.45 as permitted sender)
DomainKey-Status: bad
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: doctorrock83@gmail.com
X-Host-Fingerprint: 209.85.216.45 mail-qw0-f45.google.com  
Received: from [209.85.216.45] ([209.85.216.45:36711] helo=mail-qw0-f45.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id DB/21-40885-C5AF3EC4 for <internals@lists.php.net>; Wed, 17 Nov 2010 10:53:00 -0500
Received: by qwi2 with SMTP id 2so1395139qwi.18
        for <internals@lists.php.net>; Wed, 17 Nov 2010 07:52:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:mime-version:sender:received
         :in-reply-to:references:from:date:x-google-sender-auth:message-id
         :subject:to:cc:content-type:content-transfer-encoding;
        bh=L5TbtKzr5db5xuMjivYw6PZOfnwu4wNdbOQq6RNb5OA=;
        b=COzcfkcq0QEiz0bIxc1ywI5KFDHdRgOQr0bIXPdh7efetDUtNguIq1vqlby1QRwg+q
         tpWoKT+ry+9ouG6FZMXtCIXz9iSAv/wCeagrO0YpbAeAXYNvttxnsj3MGGAAAfJHDdMm
         3cp+AEga3tNxsjWIYXy/pteyw+04ngSRW7xcc=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:cc:content-type
         :content-transfer-encoding;
        b=Q6kWQqGijvAgPZN8gKO9evIVfoepsPJGgIkAk4DZ4MC/qgqmNiyeP63FuBhrJtb/UH
         Hbjbm1wYl5tkSh4SVjig/FCLpOPYPcqiDqyv89N4B/rQ7MuUpOr20/OyR3I5n/zLvCVB
         lwi0Ox7qzHAHgQ2F8ryUbn/upGGBzDcWIq0fs=
Received: by 10.229.214.139 with SMTP id ha11mr7709309qcb.235.1290009177930;
 Wed, 17 Nov 2010 07:52:57 -0800 (PST)
MIME-Version: 1.0
Sender: doctorrock83@gmail.com
Received: by 10.220.102.72 with HTTP; Wed, 17 Nov 2010 07:52:17 -0800 (PST)
In-Reply-To: <AANLkTim0fF2O_Q-+AtPZ1vyomxb4-Rri3twUyAbWtxsn@mail.gmail.com>
References: <4CE03E41.9030805@lerdorf.com> <8757232E56758B42B2EE4F9D2CA019C9086B69@US-EX2.zend.net>
 <4CE10E8E.3070901@lerdorf.com> <4CE206C0.5070701@sugarcrm.com>
 <8757232E56758B42B2EE4F9D2CA019C908A06A@US-EX2.zend.net> <4CE215A3.30606@lerdorf.com>
 <4CE220CB.5090005@sugarcrm.com> <4CE22181.8090904@lerdorf.com> <AANLkTim0fF2O_Q-+AtPZ1vyomxb4-Rri3twUyAbWtxsn@mail.gmail.com>
Date: Wed, 17 Nov 2010 16:52:17 +0100
X-Google-Sender-Auth: 3rNKM-D1g6QYBnxkynwmuCFkhQA
Message-ID: <AANLkTi=x6=SPOinz=msVGZzV8yDzAvJDPufAJZcbZbyr@mail.gmail.com>
To: Pierre Joye <pierre.php@gmail.com>
Cc: Rasmus Lerdorf <rasmus@lerdorf.com>, Stas Malyshev <smalyshev@sugarcrm.com>, 
	Andi Gutmans <andi@zend.com>, internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] Adding path_len to all stream functions in trunk
From: jpauli@php.net (Julien Pauli)

Is this related to http://www.ush.it/2009/02/08/php-filesystem-attack-vecto=
rs/ ?

That's a quiet old bug, I'm happy to listen it's now worked on and has a pa=
tch.

J.Pauli

On Tue, Nov 16, 2010 at 12:34 PM, Pierre Joye <pierre.php@gmail.com> wrote:
> hi,
>
> On Tue, Nov 16, 2010 at 7:15 AM, Rasmus Lerdorf <rasmus@lerdorf.com> wrot=
e:
>> On 11/15/10 10:12 PM, Stas Malyshev wrote:
>>> Hi!
>>>
>>>> Well, it changes the signature of that function, so while we don't bre=
ak
>>>> backward binary compatibility, we break forward compatibility within t=
he
>>>> 5.3 branch. =A0As in, if I change my extension to use this new NoNull
>>>> string flag, it will no longer work on<5.3.3 whereas if I do the
>>>> if(strlen(filename) !=3D filename_len) check, this will still work in =
all
>>>> 5.3 releases.
>>>
>>> So if you have such extension, and you need to have it compatible with
>>> previous versions (e.g. PECL one), use the check. That doesn't prevent
>>> us from having the flag in the core code and thus keeping it cleaner.
>>
>> It still worries me a bit. =A0Distros love to separate core extensions
>> into separate packages and if you update one of those without updating
>> the core package, it will break. =A0Hopefully they have hard dependencie=
s
>> so you can't install php-curl-5.3.4 on php-5.3.3, for example.
>
> Same here, it is somehow a API incompatibility. We did similar changes
> in the past and forced us to have two versions of extensions (afair it
> was <5.2.5 and >=3D5.2.6). That was really painful and took years to get
> rid of 5.2.5 support.
>
> I like the idea of having a (maybe not so perfect) solution for 5.3.x
> using Rasmus patch and do it right in trunk.
>
> Cheers,
> --
> Pierre
>
> @pierrejoye | http://blog.thepimp.net | http://www.libgd.org
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>