Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:71260 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 80285 invoked from network); 19 Jan 2014 01:45:56 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Jan 2014 01:45:56 -0000 Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 108.166.43.75 as permitted sender) X-PHP-List-Original-Sender: smalyshev@sugarcrm.com X-Host-Fingerprint: 108.166.43.75 smtp75.ord1c.emailsrvr.com Linux 2.6 Received: from [108.166.43.75] ([108.166.43.75:53164] helo=smtp75.ord1c.emailsrvr.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B6/73-61840-25E2BD25 for ; Sat, 18 Jan 2014 20:45:55 -0500 Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp2.relay.ord1c.emailsrvr.com (SMTP Server) with ESMTP id 775F31E833A; Sat, 18 Jan 2014 20:45:51 -0500 (EST) X-Virus-Scanned: OK Received: by smtp2.relay.ord1c.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id 1E0181E8280; Sat, 18 Jan 2014 20:45:51 -0500 (EST) Message-ID: <52DB2E4D.8000009@sugarcrm.com> Date: Sat, 18 Jan 2014 17:45:49 -0800 Organization: SugarCRM User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Will Fitch , "internals@lists.php.net" References: <1390082096.14862.72482025.5D36E64F@webmail.messagingengine.com> In-Reply-To: <1390082096.14862.72482025.5D36E64F@webmail.messagingengine.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Bug 62479 From: smalyshev@sugarcrm.com (Stas Malyshev) Hi! > If no one objects, I plan on merging > https://github.com/willfitch/php-src/commit/06170d344f6b3148d505afd8ae952d3439de9005 > to 5.3 and up later tonight. This bug has been out there for a long > time. I see my comments on the patch were ignored. Could you explain what happens if the password is, for example, 'foo? From the patch, it looks like it would be placed there as-is. Is this the correct behavior? Also, it this a security issue? Because 5.3 is security fixes only. -- Stanislav Malyshev, Software Architect SugarCRM: http://www.sugarcrm.com/ (408)454-6900 ext. 227