Newsgroups: php.internals
Date: Sat, 4 Feb 2012 07:19:45 +0900
To: Stefan Esser
Cc: PHP internals
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi,

>>> http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=317225&r2=318997
>>
>> I'm sure we'd be more than happy to hear why it's broken and hear about
>> possible suggested fixes.
>
> The purpose of the code is to detect all occurrences of \r or \n not followed by whitespace and error out.
> It is obviously doing something else.

Just looking at the patch. The comment in the code states

/* new line safety check */

but it cannot be a safety check as Stefan mentioned.
It should be fixed, if it was intended as a security measure.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

2012/2/3 Stefan Esser:
> Hello Derick,
>
>>> * and most probably many more that I do not know from the top of my
>>> head (these are already 9 features and Suhosin/HPHP exists since 2004 =
>>> 8 years).
>>
>> Lots of stuff in PHP was also "stolen" from Xdebug, but I am not whining
>> about that as the goal is (and has always been) to make PHP better.
>
> I am not whining of something being stolen, I am trying to demonstrate that a lot of the features no one ever saw a need for in PHP have been cloned.
> PHP devs repeatedly tell that Suhosin brings no additional value, while they clone and clone every time they are hit by a nasty bug.
>
>
>>> http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/main/SAPI.c?r1=317225&r2=318997
>>
>> I'm sure we'd be more than happy to hear why it's broken and hear about
>> possible suggested fixes.
>
> The purpose of the code is to detect all occurrences of \r or \n not followed by whitespace and error out.
> It is obviously doing something else.
>
> Regards,
> Stefan
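
The check described in the thread above (error out on any \r or \n that is not followed by whitespace), written out as an added example; it is not the code from the linked SAPI.c revision, nor from Suhosin. It assumes that "whitespace" means a space or tab (a folded header continuation), that a CR LF pair counts as one line break, and that a line break at the very end of the value is rejected; the function name `header_line_is_safe` and the sample headers are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the header line may be sent, 0 if it contains a CR or LF
 * that is not followed by a space or tab. */
int header_line_is_safe(const char *line, size_t len)
{
    size_t i = 0;

    while (i < len) {
        char c = line[i];

        if (c != '\r' && c != '\n') {
            i++;
            continue;
        }
        /* Assumption: treat "\r\n" as a single line break. */
        if (c == '\r' && i + 1 < len && line[i + 1] == '\n') {
            i++;
        }
        /* i is now the last byte of the line break. */
        if (i + 1 >= len) {
            return 0;               /* nothing follows the break */
        }
        if (line[i + 1] != ' ' && line[i + 1] != '\t') {
            return 0;               /* next byte would start a new header */
        }
        i += 2;                     /* skip the break and the folding byte */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the thread. */
    const char *samples[] = {
        "X-Test: plain value",
        "X-Test: folded\r\n continuation",
        "X-Test: a\r\nSet-Cookie: injected=1",
        "X-Test: lone\rCR",
        "X-Test: trailing\n",
    };
    size_t n = sizeof(samples) / sizeof(samples[0]);

    for (size_t k = 0; k < n; k++) {
        printf("%d\n", header_line_is_safe(samples[k], strlen(samples[k])));
    }
    return 0;
}
```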