Newsgroups: php.internals
Xref: news.php.net php.internals:55580
Message-ID: <4E7AC687.5090801@gentoo.org>
Date: Thu, 22 Sep 2011 07:24:23 +0200
To: internals@lists.php.net
References:
 <4E790B82.6090805@akbkhome.com> <8C.A0.17510.E4DE97E4@pb1.pair.com> <1316615094.2810.5.camel@guybrush> <1316629502-sup-831@fewbar.com> <4E7A763F.1080302@akbkhome.com>
In-Reply-To: <4E7A763F.1080302@akbkhome.com>
Subject: Re: [PHP-DEV] Re: is_a() - again - a better fix
From: olemarkus@gentoo.org (Ole Markus With)

On 22/09/11 01:41, Alan Knowles wrote:
>
> To clarify
>
> * Code changed to work around this change will not break if it is reverted.
> Basically it is to add is_object() before any call to is_a()
>
> * If left as is, there is reasonable potential for remote exploits in
> many codebases.
>
> * This change is not really in the wild yet, as people do not upgrade
> that fast, and as mentioned distros are avoiding upgrading due to the
> rather serious consequences.
>
> * This code affects anyone using the autoloader (PSR or other) with any
> existing codebase (for example Joomla will probably break if used with
> an autoloader)
>
> * The 'revert' BC break will only affect someone who
> a) uses undocumented behaviors which are only known about due to reading
> this list.
> b) has written code specifically targeting this controversial behavior
> in the last few weeks.
>
> * Nobody who has argued for keeping this change has made any commits or
> bug reports to any package (as far as I know) to help fix code affected
> by the change.
>
> * is_a() in its previous usage was 'useful', and resulted in clear
> concise code. Now practically every use of the code has to be prefixed
> with is_object(). This is wasteful and pointless, and more prone to
> errors.
>
>
> Saying that 'breaking BC again' should not be done is an utterly bogus
> argument. Please understand the issue properly before coming up with
> such a ridiculous comment.
> The point of 'not breaking BC' is to stop
> breaking existing code which has been running for years, not breaking
> code that has been created 10 minutes ago. Please be realistic here.
>

Hi,

Just for the record: For Gentoo, we actually did ship PHP 5.3.8, resulting
in a little storm of users being very upset about us breaking their code.
Especially since PEAR packages started breaking.

Wearing my package maintainer hat and given that Alan's points above are
true, I would very much like for is_a's behaviour to be reverted to
pre-5.3.8 state as well. I also believe that reverting would cause less
damage than keeping current behaviour.

Cheers,
Ole Markus
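An added illustration of the is_object() workaround Alan describes in the quoted message; this is not code from the thread, from PEAR or from PHP itself. It registers an autoloader that only records the class names it is asked for (instead of including files), then runs the same check over an object and over a constructed untrusted string with and without the is_object() guard. The names User, isUserVulnerable, isUserHardened and probe are made up for the example, and the string Evil_Payload is a constructed stand-in for request input. Since PHP 5.3.9 the string lookup in is_a() only happens when its third argument is true, so the example passes it to reproduce the 5.3.8 behaviour on a current interpreter. What an actual autoloader then does with the name (typically mapping it onto a path and including it) is where any exploitability lies, and that part is deliberately not modelled here.

```php
<?php
// Added example, not code from the thread or from PHP itself. The names
// User, isUserVulnerable, isUserHardened and probe are made up for it.

// A real class, so the object case can be shown working in both variants.
class User {}

// Stand-in for the kind of autoloader many codebases register. Real ones map
// the class name onto a file path and include it; this one only records the
// names it is asked for, so nothing is included and the script is safe to run.
$autoloadRequests = array();
spl_autoload_register(function ($class) use (&$autoloadRequests) {
    $autoloadRequests[] = $class;
    // A typical PEAR-style loader body would be something like
    //   include str_replace('_', '/', $class) . '.php';
    // which is why an attacker-controlled class name matters.
});

// Pre-5.3.8 idiom: written on the assumption that is_a() simply returns
// false for anything that is not an object.
function isUserVulnerable($value)
{
    // On PHP 5.3.7/5.3.8 a string $value is treated as a class name and
    // looked up, which invokes the registered autoloader with that string.
    // PHP 5.3.9+ only does so when the third argument is true; it is passed
    // here so the 5.3.8 behaviour can be reproduced on a current interpreter.
    return is_a($value, 'User', true);
}

// The workaround from the thread: guard with is_object() so a string never
// reaches is_a() and the autoloader is never consulted.
function isUserHardened($value)
{
    return is_object($value) && is_a($value, 'User');
}

// Runs one checker over one input and reports its result together with
// whatever the autoloader was asked to load during that call.
function probe($checker, $value)
{
    global $autoloadRequests;
    $autoloadRequests = array();
    $result = $checker($value);
    return array('result' => $result, 'autoload' => $autoloadRequests);
}

// Constructed untrusted input (think $_GET['type']), shaped like a PEAR-style
// class name so that a path-mapping autoloader would actually try to load it.
$untrusted = 'Evil_Payload';

foreach (array(new User(), $untrusted) as $input) {
    $label = is_object($input) ? 'User object' : var_export($input, true);
    foreach (array('isUserVulnerable', 'isUserHardened') as $fn) {
        $out = probe($fn, $input);
        printf("%-16s %-14s result=%-5s autoloader asked for: %s\n",
            $fn, $label, var_export($out['result'], true),
            json_encode($out['autoload']));
    }
}
```

Both variants return true for the real User object and false for the string; the difference is the autoloader column, which is empty for the guarded version and contains "Evil_Payload" for the unguarded one. That is the behaviour change the thread is arguing about: the return value of is_a() did not change for non-matching input, but a side effect (an autoload attempt on caller-supplied data) was added.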