Newsgroups: php.internals
Date: Thu, 12 Apr 2012 18:37:48 -0700
To: Arvids Godjuks
Cc: Yasuo Ohgaki, Lester Caine, PHP internals
Subject: Re: [PHP-DEV] Re: Disabling PHP tags by php.ini and CLI options
From: kris.craig@gmail.com (Kris Craig)

On Thu, Apr 12, 2012 at 5:55 PM, Arvids Godjuks wrote:

> I should point out that if you make up your mind about a feature - you will
> twist and turn it like hell, but you can't be convinced that it may make
> more damage than good, or is just plain pointless because out there in the
> wild the world actually is wild. And people do things differently for a
> reason.
>
> I'm not trying to offend you or shame you, but you just ignore half valid
> arguments. I personally get a feeling that you don't do PHP development on a
> regular basis, because for me, as a userland PHP developer, some things you
> write are ridiculous and I would expect them from a beginner, a person
> coming from a different language, but sure not from a serious seasoned PHP
> developer.
>

I think a big part of the problem you're having stems from that mindset. I've been developing PHP for over 10 years now and it is my primary language. I've deployed more PHP applications and environments than I can count over the years on both Linux and Windows. I'd say probably 95% of the coding I do at work is PHP, about 99% of the work I do at home is PHP. I'm not claiming to be better or worse at PHP than anyone else (my resume notwithstanding lol). The point is, you're assuming that, because my perspective and my ideas differ from what you believe to be acceptable, I therefore must be ignorant or otherwise unqualified.
That's a very dangerous mindset to have in any endeavor and I would strongly encourage you to do some serious soul-searching on that, because you're only hurting yourself when you think that way.

As for me ignoring arguments, I think you should go back through some of these threads. I've gone to a lot of trouble to respond to individual points. I'm sure I've probably missed a couple here and there amidst the sheer volume, but for the most part I think I've done pretty well.

However, I think you're confusing failure to *hear* an argument with failure to *agree* with an argument. If I disprove or even just counter somebody else's argument, that doesn't mean I'm "ignoring" it. Quite the opposite, in fact. ;P

> This hassle with the php tags, special extensions, optional php.ini
> options will make my life harder. Why? Because two hosters will be able to
> configure their environments differently. Who suffers? I suffer the
> consequences of that by working at 3am Saturday morning and probably
> getting into a fight with my wife about that. And getting fired if I refuse
> to fix issues.
>
> I understand the concerns about the LFI or how it is called, but as many
> people mentioned, it's how the code is written. And if code is written badly
> - you can't do anything about it on the language level without restricting
> writing the code in the first place.
>

You seem to be grouping me in with some other people, because a lot of what you just described hasn't been proposed or even supported by me. For example, you stated that, "as many people have mentioned," LFI security comes down to how the code is written. Yeah, I know, because I'm one of those people who stated that. Right here. On Internals. I took a little bit of heat for it, too. I believe I summed-up the principle as, "A programming language can only be as smart as the person using it."

That said, you'll notice that I didn't lodge any personal attacks at the person who suggested it.
But I was nonetheless assertive and forceful in my arguments against it. That's where the difference lies. You can reduce somebody else's argument to a pile of dust without ever having to even hint at a personal attack; I do it all the time lol.

> Those people that went for the include modification with the second
> optional param are on the right track - you give the people the ability and
> they will use it (I will).
>
> If someone could take all the energy wasted here and put to work on
> drastically improving PDO - that would be a real benefit to everyone. Cause
> right now PDO just sucks, a lot.
> 13.04.2012 2:07 user "Kris Craig" wrote:
>
>
>>
>> On Thu, Apr 12, 2012 at 5:02 PM, Arvids Godjuks wrote:
>>
>>> You all know where the short_tags, register_globals, magic_quotes and other
>>> stuff like that took the language and the problems it made.
>>> Doesn't history teach us a lesson? I see that it did not for some active
>>> members of this list.
>>> Many are still cleaning up the mess of those optional php.ini directives,
>>> I had to clean up myself one project, took me 2 months to properly fix it
>>> and make to run on PHP 5, anyway we ended up rewriting the whole thing from
>>> scratch, a year of day to day work.
>>> Now I write my stuff E_ALL, including strict stuff and I know for a fact
>>> that there is no php.ini switch that could screw up my applications on
>>> different hosting platforms (yes, some minor things can happen in specific
>>> situations, but any properly configured PHP 5.3/5.4 will run smooth). And
>>> now you propose to add a switch that in one line can disable the
>>> application for good (and get its sources spit out all over the place).
>>> And even if I write it in the right way - I have to convert every damn
>>> external library.
>>> Ok, I upload it to the host and guess what - it spews the
>>> code out because it is configured for the
>>
>>> It will never get adopted, too many legacy stuff, too many external tools.
>>> And php native templates? I don't need any twig, smarty or any other stuff.
>>> And guess what - most template engines cache compiled templates, and they
>>> are - ta-daa - PHP EMBEDDED IN HTML CODE!
>>>
>>> Common sense is alien to some people on this list or what?
>>>
>>
>> As is civility and basic mutual respect, it would seem.
>>
>