Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:52957
Return-Path: <smalyshev@sugarcrm.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 50995 invoked from network); 5 Jun 2011 19:19:26 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 5 Jun 2011 19:19:26 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 67.192.241.143 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@sugarcrm.com
X-Host-Fingerprint: 67.192.241.143 smtp143.dfw.emailsrvr.com Linux 2.6
Received: from [67.192.241.143] ([67.192.241.143:48689] helo=smtp143.dfw.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F9/DA-26000-DB6DBED4 for <internals@lists.php.net>; Sun, 05 Jun 2011 15:19:26 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp14.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id 6AD8C29A7A7;
	Sun,  5 Jun 2011 15:19:22 -0400 (EDT)
X-Virus-Scanned: OK
Received: by smtp14.relay.dfw1a.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id D563129A7A0;
	Sun,  5 Jun 2011 15:19:21 -0400 (EDT)
Message-ID: <4DEBD6B9.9060103@sugarcrm.com>
Date: Sun, 05 Jun 2011 12:19:21 -0700
Organization: SugarCRM
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10
MIME-Version: 1.0
To: Felipe Pena <felipensp@gmail.com>
CC: Pierre Joye <pierre.php@gmail.com>, 
 PHP Internals <internals@lists.php.net>
References: <4DEB3D65.107@sugarcrm.com> <BANLkTinyD_EmnnOvZP_oS9K19fBq4Q8ROA@mail.gmail.com> <BANLkTi=2Qg=NHeXyovvty-guUCzHHfo5sQ@mail.gmail.com> <4DEBD46E.3070708@sugarcrm.com> <BANLkTimr_Wmn5rdF4hhAbwBhc_k=m8Tmxw@mail.gmail.com>
In-Reply-To: <BANLkTimr_Wmn5rdF4hhAbwBhc_k=m8Tmxw@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] bug #39863 in trunk/5.4
From: smalyshev@sugarcrm.com (Stas Malyshev)

Hi!

> Of course, I was just checking if it's what you guys are thinking first.

Well, there was basically two ideas:
1. Add filename length to streams and check inside streams
2. Check inside argument parser

Both have downsides: (1) does not capture cases when we don't use 
streams (such as direct stat/touch/etc functions), (2) doesn't cover the 
case when stream is manipulated through a string not coming directly 
from a function argument (e.g. include, but may be other cases with 
extensions). So, ideally, it'd be nice to have both - or something third 
that I didn't think of - but any of them is better than nothing.
(1) seems to be easier and less disruptive, provided that we cover 
include case separately and locate all functions that deal with filenames.
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227