Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:71261 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 81767 invoked from network); 19 Jan 2014 01:52:38 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Jan 2014 01:52:38 -0000 Authentication-Results: pb1.pair.com smtp.mail=willfitch@php.net; spf=unknown; sender-id=unknown Authentication-Results: pb1.pair.com header.from=willfitch@php.net; sender-id=unknown Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 66.111.4.25 as permitted sender) X-PHP-List-Original-Sender: willfitch@php.net X-Host-Fingerprint: 66.111.4.25 out1-smtp.messagingengine.com Received: from [66.111.4.25] ([66.111.4.25:34766] helo=out1-smtp.messagingengine.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 1C/C3-61840-4EF2BD25 for ; Sat, 18 Jan 2014 20:52:37 -0500 Received: from compute1.internal (compute1.nyi.mail.srv.osa [10.202.2.41]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 602C020DF0; Sat, 18 Jan 2014 20:52:33 -0500 (EST) Received: from web6 ([10.202.2.216]) by compute1.internal (MEProxy); Sat, 18 Jan 2014 20:52:33 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:from:to:mime-version :content-transfer-encoding:content-type:in-reply-to:references :subject:date; s=smtpout; bh=9zGiHFATP66fISxlAiUxhfDiRSg=; b=doW AhWWa6SeXjnBCi2bAzVJW01Tsglb7cp5xafK/WhTHW4DuEy/0ifWX1BmdWsP8hEn BcwMoFe/8UpDZtm9pxfYbetcE8EEFcLZItyFr29kKrX4f2GVV7RYZkfZKG6rLJ7C Jf+vhXuTnf5R81T5XGqigCV68rGxL5WtaPfI5n3I= Received: by web6.nyi.mail.srv.osa (Postfix, from userid 99) id 324012825D0; Sat, 18 Jan 2014 20:52:33 -0500 (EST) Message-ID: <1390096353.18659.72527933.474C16A5@webmail.messagingengine.com> X-Sasl-Enc: eOZolchKmycvd4w+tGIJLbpWBLiQPoHA/kvD7Mzu3rd7 1390096353 To: Stas Malyshev , internals@lists.php.net MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-e8d433be In-Reply-To: <52DB2E4D.8000009@sugarcrm.com> References: <1390082096.14862.72482025.5D36E64F@webmail.messagingengine.com> <52DB2E4D.8000009@sugarcrm.com> Date: Sat, 18 Jan 2014 17:52:33 -0800 Subject: Re: [PHP-DEV] Bug 62479 From: willfitch@php.net (Will Fitch) Hi Stas, I see no comments from you. The only response I've seen from you was your asking me if the patch was ready (in comments on the bug). Can you please elaborate? This isn't technically a security issue, but the bug was reported on 5.3, and affects 5.3. If this is an issue, I can revert the 5.3 change, but this was a miscommunication between Iliaa and myself. We both originally had patches, and they ended up getting combined. On Sat, Jan 18, 2014, at 05:45 PM, Stas Malyshev wrote: > Hi! > > > If no one objects, I plan on merging > > https://github.com/willfitch/php-src/commit/06170d344f6b3148d505afd8ae952d3439de9005 > > to 5.3 and up later tonight. This bug has been out there for a long > > time. > > I see my comments on the patch were ignored. Could you explain what > happens if the password is, for example, 'foo? From the patch, it looks > like it would be placed there as-is. Is this the correct behavior? > > Also, it this a security issue? Because 5.3 is security fixes only. > -- > Stanislav Malyshev, Software Architect > SugarCRM: http://www.sugarcrm.com/ > (408)454-6900 ext. 227