Newsgroups: php.internals
From: me@ktamura.com (Kiyoto Tamura)
To: Chris Stockton
Cc: internals@lists.php.net
Date: Wed, 25 Jan 2012 21:42:39 -0800
Subject: Re: [PHP-DEV] A potential patch for Bug#60668
Message-ID: <00970E67-16E9-4694-85B7-1E925EE075FD@ktamura.com>

Thanks for elaborating on the "BC break" (I googled it to no avail). I guess such a change (discarding everything after CR-LF) would break the code using BC breaks.

Either way, at least I am fully aware of how ini_set behaves ;)

On Jan 25, 2012, at 9:25 PM, Chris Stockton wrote:

> Hello,
>
> On Wed, Jan 25, 2012 at 9:32 PM, Kiyoto Tamura wrote:
>> Also, I am not sure if php_trim is what we want here. It looks like vrana's initial proposal was to discard everything after CR-LF. This is different from trimming CR/LF/whitespace at the end of the string.
>>
>
> Ah I see didn't think enough about it, basically my point is for such
> a simple string op there is likely something already to do it,
> probably still is a function in strings to take care of it.
>
> As for the "feature" of \r\n working in user-agent init set, my main
> point is that is a BC break, since it is slightly advocated to use it
> as a hack in the docs here [1]. At the end of the day passing _any_
> user input to literally any php function without sanitization can be
> dangerous given the right context. I think this specific one would
> fall under the developers hands, but hey it's just my opinion you can
> see what the core devs say I might be a bit off base.
>
> -Chris
>
> [1] http://php.net/wrappers.http#wrappers.http.example.custom.headers
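
The two behaviours contrasted in this thread (discarding everything after CR-LF versus trimming CR/LF/whitespace at the end of the string), as an added example that is not part of the original messages or of the proposed patch. The function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not from the PHP source tree.

// Semantics 1: discard everything from the first CR or LF onward.
function ua_truncate_at_newline(string $ua): string
{
    return substr($ua, 0, strcspn($ua, "\r\n"));
}

// Semantics 2: strip CR/LF/whitespace only at the end of the string.
function ua_trim_trailing(string $ua): string
{
    return rtrim($ua, " \t\r\n");
}

// True if the value would still span more than one header line.
function ua_has_embedded_newline(string $ua): bool
{
    return strpbrk($ua, "\r\n") !== false;
}

// Constructed sample values.
$samples = [
    'plain'           => "ExampleAgent/1.0",
    'trailing CRLF'   => "ExampleAgent/1.0\r\n",
    'embedded header' => "ExampleAgent/1.0\r\nX-Example: 1",
];

foreach ($samples as $label => $ua) {
    $cut  = ua_truncate_at_newline($ua);
    $trim = ua_trim_trailing($ua);
    printf(
        "%-16s truncate=%s (multi-line: %s)  trim=%s (multi-line: %s)\n",
        $label,
        json_encode($cut),
        ua_has_embedded_newline($cut) ? 'yes' : 'no',
        json_encode($trim),
        ua_has_embedded_newline($trim) ? 'yes' : 'no'
    );
}
```

Only the truncating variant guarantees a single-line value; trimming leaves an embedded CR-LF and whatever follows it in place, which is also why truncation changes behaviour for code that relies on the documented custom-header usage.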