Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:67939
Return-Path: <tjerk.meesters@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 29552 invoked from network); 27 Jun 2013 11:55:19 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Jun 2013 11:55:19 -0000
Authentication-Results: pb1.pair.com header.from=tjerk.meesters@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=tjerk.meesters@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.174 as permitted sender)
X-PHP-List-Original-Sender: tjerk.meesters@gmail.com
X-Host-Fingerprint: 209.85.192.174 mail-pd0-f174.google.com  
Received: from [209.85.192.174] ([209.85.192.174:58617] helo=mail-pd0-f174.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 96/34-08517-6282CC15 for <internals@lists.php.net>; Thu, 27 Jun 2013 07:55:18 -0400
Received: by mail-pd0-f174.google.com with SMTP id 10so346598pdc.19
        for <internals@lists.php.net>; Thu, 27 Jun 2013 04:55:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=references:mime-version:in-reply-to:content-type
         :content-transfer-encoding:message-id:cc:x-mailer:from:subject:date
         :to;
        bh=QFACKjRibb/X2oR0y0wGwTuHT/VLExdjr1RxyI+wXIo=;
        b=d4qSYujQIC3L7Jfik4jpIckFzKZ5GSa/+LaVRXu/MhxOP7SF86w53vx5ea3CQ/jC9A
         d/clODcaN17bjwyAd1xMTxP1w2EywENbX1OwGpk2zX/DYiTBnbkcNmH+RZSDyaTfokhx
         hDCfzAKAQBwclctLphQVpQPPOpCAMHJtg9xvljzONqrul6Gr5JSEGcc3PvtYVKMiuOEg
         EUwz25RNo88iNvNm7oKIFBWdY0U9vF5u+pTblD6RneWV9F8ns8PsIaoBRDf/NpYoW7QN
         +ZIU5Teeam7she3ylHOtcYIcaI543g1wtSomomBURAsm4J/vShRCqLTYClvBJG78BrBP
         MRdQ==
X-Received: by 10.68.163.97 with SMTP id yh1mr5709719pbb.33.1372334115680;
        Thu, 27 Jun 2013 04:55:15 -0700 (PDT)
Received: from [192.168.1.104] (bb42-60-19-235.singnet.com.sg. [42.60.19.235])
        by mx.google.com with ESMTPSA id xu10sm3498762pab.3.2013.06.27.04.55.13
        for <multiple recipients>
        (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
        Thu, 27 Jun 2013 04:55:15 -0700 (PDT)
References: <CAGa2bXYNgjhUWTqzhorcYhd7SEyEvxdhCVWyXr8O-hsZ103E6g@mail.gmail.com> <CAGa2bXYBR-=rrifyhWSwB7M1u5J5EL_0o0DcUuFZ9DEuMCrjjQ@mail.gmail.com> <CAL+t6cGUJmfhVdSCf3XNn4Mri_fvq-Fuad40yrrKOd8c1uwxXw@mail.gmail.com> <CAGa2bXb=mRv2PY880THX_Zd6V8p6pMEWe_+KJ0e1WsKCHskDYA@mail.gmail.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <CAGa2bXb=mRv2PY880THX_Zd6V8p6pMEWe_+KJ0e1WsKCHskDYA@mail.gmail.com>
Content-Type: text/plain;
	charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-ID: <B4C1DFCC-9849-4B00-9D77-937279C377E1@gmail.com>
Cc: Sherif Ramadan <theanomaly.is@gmail.com>,
 "internals@lists.php.net" <internals@lists.php.net>
X-Mailer: iPhone Mail (10B329)
Date: Thu, 27 Jun 2013 19:55:12 +0800
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Subject: Re: [PHP-DEV] Re: hex2bin: E_WARNING is too much for odd string?
From: tjerk.meesters@gmail.com (Tjerk Meesters)



Sent from my iPhone

On 27 Jun, 2013, at 11:05 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> Hi Sherif,
>=20
> I would like to have consistent behavior at least within a function.
>=20
> 2013/6/27 Sherif Ramadan <theanomaly.is@gmail.com>
>=20
>> I thought you wanted to add an extra error for malformed hex, which I
>> would have been fine with, but removing the error entirely? The error is
>> useful. It informs the user that they may have buggy code since the
>> function is clearly documented to expect even length hex encoded strings.=

>=20
>=20
> It is good to have additional errors for invalid inputs. It would be
> beneficial for many users.
> I've checked some conversion(decoder) functions quickly.
>=20
> Functions raise E_WARNING / E_NOTICE for invalid inputs
>  unserialize()
>  convert_uudecode()
>  xmlreader module
>=20
> Functions simply return FALSE for invalid inputs
>  base64_decode()
>  pg_unescape_bytea()
>  mb_decode_mimiheader()
>  mb_decode_numericentity()
>  mb_convert_kana()
>  mb_convert_encoding()
>  mb_convert_variables()
>    Note: mbstring functions raise errors for invalid encoding, otherwise
> simply return FALSE.
>=20
> Functions do not check validity
>  quoted_printable_decode()
>  xml_utf8_decode() - replaces bad chars to '?'
>=20
> Functions have separate error message function
>  json_decode() - returns FALSE, but can get errors via json_last_error()
>=20
> Decoding errors are usually a bug or some kind of attack, so I agree to ad=
d
> E_NOTICEs. Exception is decoders that supposed to accept external inputs.
> e.g. base64_decode() and mbstring functions.
>=20
> I think pg_unescape_bytea() should raise E_WARNING, so I'll add it later.
> Adding E_WARNING to it will never be BC issue. It's obvious bug.
>=20
> hex2bin() will not be used for handling external inputs almost always, so
> raising E_WARNING make sense.
>=20
> I've updated pull request. (Added E_WARNING for bad hex)
>=20
> https://github.com/php/php-src/pull/369
>=20
> Everyone is OK with this?

The thread started with the assertion that it raises a warning and the commi=
ts first remove the warning and then adds it again later, so isn't the whole=
 PR a noop? :)

>=20
> Regards,
>=20
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net