Newsgroups: php.internals
Date: Thu, 21 Jun 2012 11:21:07 +0200
To: Pierre Joye
Cc: PHP internals
Subject: Re: [PHP-DEV] json_encode() behavior for incorrectly encoded strings
From: nikita.ppv@googlemail.com (Nikita Popov)

On Thu, Jun 21, 2012 at 8:47 AM, Pierre Joye wrote:
>> The reason for this situation is that a patch was applied for all
>> branches, and then reverted, because Stas didn't consider the change
>> towards always throwing a warning (even with display_errors=on)
>> appropriate without further discussion.
>
> Well, not sure we have to discuss why such thing is bad.
> display_errors must be respected.

This kind of very ugly error handling is currently used in several
places. It is meant to protect server administrators that are running
production servers with display_errors=On from leaking information
about encoding issues (which could be valuable to attackers). So the
error is only thrown if it isn't shown to the client but logged
instead.

Personally I really don't like this, but I agree with Stas that this
is a security relevant issue and shouldn't be simply changed without
further discussion.

> 5.3 should be brought in line with 5.4.

So you think that the corrected code should be backed out from PHP 5.3
and the incorrect 5.4/master behavior be restored?

Thanks,
Nikita
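
An application-level way to get the outcome the message describes (encoding failures recorded in the server log, never shown to the client) without depending on the display_errors setting. This is an added example, not code from the message or from php-src; the function name `encode_for_client`, the generic error body and the sample input are constructed for illustration.

```php
<?php
// Added example: names and sample data are constructed, not from php-src.

/**
 * Encode $data as JSON for an HTTP response.
 * On failure the detail goes to the server log only; the caller gets a
 * generic error document, so nothing about the bad input reaches the client.
 */
function encode_for_client($data)
{
    $json = json_encode($data);

    // Check both the return value and json_last_error(): a failed encode
    // may be signalled by either one, depending on the PHP version.
    if ($json !== false && json_last_error() === JSON_ERROR_NONE) {
        return array('ok' => true, 'body' => $json);
    }

    $code = json_last_error();
    $reason = ($code === JSON_ERROR_UTF8)
        ? 'invalid UTF-8 in input'
        : 'json error code ' . $code;

    // error_log() writes to the configured log destination and does not
    // depend on display_errors. Log the reason, not the offending bytes.
    error_log('encode_for_client: ' . $reason);

    return array('ok' => false, 'body' => '{"error":"internal error"}');
}

// Constructed input: "\xE9" is ISO-8859-1 "é" and is not valid UTF-8
// on its own; "\xC3\xA9" is the same character correctly encoded.
$samples = array(
    'valid'   => array('name' => "caf\xC3\xA9"),
    'invalid' => array('name' => "caf\xE9"),
);

foreach ($samples as $label => $data) {
    $result = encode_for_client($data);
    echo $label, ': ', ($result['ok'] ? 'ok ' : 'failed '), $result['body'], "\n";
}
```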