Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:53087 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 99157 invoked from network); 6 Jun 2011 21:53:34 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 6 Jun 2011 21:53:34 -0000 Authentication-Results: pb1.pair.com header.from=felipensp@gmail.com; sender-id=pass; domainkeys=bad Authentication-Results: pb1.pair.com smtp.mail=felipensp@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.42 as permitted sender) DomainKey-Status: bad X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01 X-PHP-List-Original-Sender: felipensp@gmail.com X-Host-Fingerprint: 209.85.160.42 mail-pw0-f42.google.com Received: from [209.85.160.42] ([209.85.160.42:40495] helo=mail-pw0-f42.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 30/A3-23189-D5C4DED4 for ; Mon, 06 Jun 2011 17:53:34 -0400 Received: by pwj3 with SMTP id 3so2499356pwj.29 for ; Mon, 06 Jun 2011 14:53:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=8B5CAhZPYHIeLYTLrAhsjVXAJAjkesdazvHOltH2+so=; b=kV23bZMwVdOs1hu9AjHnIAOWaNERq3BDF9Fy0dnUgZYynmns827uySiyCU09kiz3sI YzpNYAKmqD+1+gSAuQYvmKc1ZprWtmcGjHeHd1UdVq8wR46+b04liU4Cf6s9abdUQ0l5 W8Y/CmRIRNWutPFaYgIyWFFc5sod3rqnxtJPc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=Kt4ULAFB/gqMVefnTpdTh5mpPB0EmXMOYp54EdIhZ234c3ZE1v5+8pkK11n/6GJD6C OR9J3gd61sygpILEAOYsYq1TYL2J7wcbUQ3/EE7AjD8HFglwUXGivTjgBRuavG0Jmjd5 jNHbMjdoUjZ9vRdFJexyv0C+fvtqpuArlpUEU= Received: by 10.143.26.26 with SMTP id d26mr873941wfj.176.1307397211201; Mon, 06 Jun 2011 14:53:31 -0700 (PDT) MIME-Version: 1.0 Received: by 10.142.246.21 with HTTP; Mon, 6 Jun 2011 14:53:11 -0700 (PDT) In-Reply-To: <4DEBD6B9.9060103@sugarcrm.com> References: <4DEB3D65.107@sugarcrm.com> <4DEBD46E.3070708@sugarcrm.com> <4DEBD6B9.9060103@sugarcrm.com> Date: Mon, 6 Jun 2011 18:53:11 -0300 Message-ID: To: Stas Malyshev Cc: Pierre Joye , PHP Internals Content-Type: multipart/alternative; boundary=001636e0ae0d5aa29804a5122280 Subject: Re: [PHP-DEV] bug #39863 in trunk/5.4 From: felipensp@gmail.com (Felipe Pena) --001636e0ae0d5aa29804a5122280 Content-Type: text/plain; charset=UTF-8 Hi, 2011/6/5 Stas Malyshev > Hi! > > > Of course, I was just checking if it's what you guys are thinking first. >> > > Well, there was basically two ideas: > 1. Add filename length to streams and check inside streams > 2. Check inside argument parser > > Both have downsides: (1) does not capture cases when we don't use streams > (such as direct stat/touch/etc functions), (2) doesn't cover the case when > stream is manipulated through a string not coming directly from a function > argument (e.g. include, but may be other cases with extensions). So, > ideally, it'd be nice to have both - or something third that I didn't think > of - but any of them is better than nothing. > (1) seems to be easier and less disruptive, provided that we cover include > case separately and locate all functions that deal with filenames. > > Ok, I've committed in 5.4 and trunk the argument parser part. Now I need to fix some tests and try to found other places needing for related checks. Thanks. -- Regards, Felipe Pena --001636e0ae0d5aa29804a5122280--