Newsgroups: php.internals
Date: Wed, 25 Jan 2012 22:25:19 -0700
To: Kiyoto Tamura
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] A potential patch for Bug#60668
From: chrisstocktonaz@gmail.com
(Chris Stockton)

Hello,

On Wed, Jan 25, 2012 at 9:32 PM, Kiyoto Tamura wrote:
> Also, I am not sure if php_trim is what we want here. It looks like vrana's initial proposal was to discard everything after CR-LF. This is different from trimming CR/LF/whitespace at the end of the string.
>

Ah, I see, I didn't think enough about it. Basically my point is that for such a simple string op there is likely something already to do it; there probably still is a function in strings to take care of it. As for the "feature" of \r\n working in the user-agent ini setting, my main point is that it is a BC break, since it is slightly advocated to use it as a hack in the docs here [1]. At the end of the day, passing _any_ user input to literally any PHP function without sanitization can be dangerous given the right context. I think this specific one would fall under the developer's hands, but hey, it's just my opinion. You can see what the core devs say; I might be a bit off base.

-Chris

[1] http://php.net/wrappers.http#wrappers.http.example.custom.headers
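
The two behaviours contrasted in this message, trimming CR/LF/whitespace at the end of the string versus discarding everything after the first CR-LF, applied to a constructed user_agent value. This is an added example, not code from the thread or from php-src; the helper names and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: strip CR, LF, space and tab from the END only
 * (the "trim" behaviour). Embedded line breaks are left untouched. */
static size_t ua_trim_trailing(char *s)
{
    size_t n = strlen(s);
    while (n > 0 && strchr("\r\n \t", s[n - 1]) != NULL)
        s[--n] = '\0';
    return n;
}

/* Hypothetical helper: discard everything from the first CR or LF onward
 * (the "truncate" behaviour). */
static size_t ua_truncate_at_newline(char *s)
{
    s[strcspn(s, "\r\n")] = '\0';
    return strlen(s);
}

/* Number of non-empty lines the value occupies once written into a request
 * as "User-Agent: <value>". Anything above 1 means extra header lines. */
static int header_lines(const char *v)
{
    int lines = 0;
    while (*v != '\0') {
        size_t seg = strcspn(v, "\r\n");
        if (seg > 0)
            lines++;
        v += seg;
        v += strspn(v, "\r\n");
    }
    return lines;
}

int main(void)
{
    /* Constructed sample: a user agent carrying an extra header line. */
    char trimmed[]   = "Agent/1.0\r\nX-Injected: 1\r\n";
    char truncated[] = "Agent/1.0\r\nX-Injected: 1\r\n";

    ua_trim_trailing(trimmed);
    ua_truncate_at_newline(truncated);

    printf("trim:     %d header line(s)\n", header_lines(trimmed));
    printf("truncate: %d header line(s)\n", header_lines(truncated));
    return 0;
}
```

Truncation is also what removes the custom-headers behaviour the message calls a BC break, while trimming alone keeps the embedded header line.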