Newsgroups: php.internals
Message-ID: <4D74835F.2030809@sugarcrm.com>
Date: Sun, 06 Mar 2011 23:03:59 -0800
From: smalyshev@sugarcrm.com (Stas Malyshev)
To: Pierre Joye
CC: PHP Internals
Subject: Re: path for #39863 etc. in trunk?

Hi!

> Yes, there was a discussion in progress about adding or not an input
> parameter for filenames to do all the checks. That's the only stopping
> point back then (in January afair). I will check&post again the
> question and proposal to see if we can get that sorted now.

If there are questions about better implementation etc., we have to just check in the 5.3 fix and we can refactor it later. I think it's not good that we allow trunk to have a security-related patch not synchronized with 5.3 for months. I wonder if we have more like this.

-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227