Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:71575 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 17967 invoked from network); 26 Jan 2014 00:52:06 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 26 Jan 2014 00:52:06 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.215.52 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.215.52 mail-la0-f52.google.com Received: from [209.85.215.52] ([209.85.215.52:38176] helo=mail-la0-f52.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BA/E5-19300-43C54E25 for ; Sat, 25 Jan 2014 19:52:05 -0500 Received: by mail-la0-f52.google.com with SMTP id c6so3468421lan.25 for ; Sat, 25 Jan 2014 16:52:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=8DiFVFL3Ofpujif/o740swJunDBTbNeQRUyJ6MlHU5s=; b=ULVaH5mmcgMUy6bj1SAXP8wW7IAl4IwreZU1sd7hd1no150oH4mrCpuVfNc08vBda/ ZuwVGH2YG7u7KWf/n8uoOKi95ddB9OTD/55YCgI8X8PF2POtgnpiSL4DksqlL6dfxVVV aPxybSjOU44UlEZglf99GJAJCatC+X83fponXh0paLZ8ZhkdA16SDjHbrBOn7jarbhqg Yv57tcr31uysCEdZkPWEu+Cp0nf4EUoqevnZz6HrkLjVXilzlWDEMks5RuCD1lEE16RV F4hcy7EeY7O0nA5JcouEgQiPRCRbk4r/C9Lz/Tn0PZgA16H5O0k4UhxWHRKKvytOyRKy cV6Q== X-Received: by 10.112.159.132 with SMTP id xc4mr5065lbb.62.1390697521463; Sat, 25 Jan 2014 16:52:01 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.112.132.134 with HTTP; Sat, 25 Jan 2014 16:51:21 -0800 (PST) In-Reply-To: References: Date: Sun, 26 Jan 2014 09:51:21 +0900 X-Google-Sender-Auth: tCk_u15Jr28qnmyXLqXctcKeFyo Message-ID: To: Nikita Popov Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a11c3ddd6c1c8a304f0d4ff08 Subject: Re: [PHP-DEV] [VOTE] RFC: Multibyte Char Handling From: yohgaki@ohgaki.net (Yasuo Ohgaki) --001a11c3ddd6c1c8a304f0d4ff08 Content-Type: text/plain; charset=UTF-8 Hi Nikita, On Sun, Jan 26, 2014 at 9:38 AM, Nikita Popov wrote: > This RFC conflates the addition of a multibyte version of addslashes (in > response to quoted CVE) with the replacement of the mbstring extension by a > completely different implementation (and an incomplete one at that). Those > two things have very little to do with each other and should not be covered > in the same RFC and/or vote. The root cause of this issue is lack of multibyte aware functions that relates to security. I've wrote the RFC to compile current mbstring by default at first, but it was withdrawn. The reason why is that mbstring is using LGPLed libraries. As long as it is loaded as shared module, there would not be issue. However, if these are compiled and used statically, LGPL will be effective. To avoid this issue, mbstring would be better to replaced by mbstring-ng and move mbstring to PECL for future release. I'll work on mbstring-ng so that it has all mbstring features. Until then, we may have it as EXPERIMENTAL. Although, it may seem different issue. Compilation of mbstring by default is needed to resolve the issue. Therefore, I've made a single RFC to accomplish the objective. Does this sound reasonable to you? Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net --001a11c3ddd6c1c8a304f0d4ff08--