Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:72852
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 20870 invoked from network); 28 Feb 2014 00:28:44 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 28 Feb 2014 00:28:44 -0000
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.47 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.192.47 mail-qg0-f47.google.com  
Received: from [209.85.192.47] ([209.85.192.47:42935] helo=mail-qg0-f47.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 10/34-33117-A38DF035 for <internals@lists.php.net>; Thu, 27 Feb 2014 19:28:42 -0500
Received: by mail-qg0-f47.google.com with SMTP id 63so7902155qgz.6
        for <internals@lists.php.net>; Thu, 27 Feb 2014 16:28:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=G1YwjgrBshlvfGLPfAPr62SFP/Z472fVUHRnydd8/CU=;
        b=oKMJpz+a91vVOlGs+h1E5yc1lodoPM+0avPtJ29P1gYQFC6LY5Ca5tivRsIdpmkogf
         5Thnk83CgonQT1hcfYypmeyQ6sZNp7uFSDG3dRDoBXGlLMzg1Y773tOO8mAqq71k44jo
         AZGf+Tr5cP/8W1hOlc6al6xCDBb4XFbJbwFC1laKKhigpne+j8K0mOJXTgDXEbUlBPJ6
         eNn3gP2eQMTXqq5UAkFYXAWqn0isMh1JEwOfhswQLBdyW1KuQnw6pMCCUeuuRCQDt5B0
         BL76+t1zoMHAM1mzblDzGXGLU6/1rOFEZr+07xzXSLEhq7FHAO6MWt1u4pAzxxnH3Sj3
         pxVQ==
MIME-Version: 1.0
X-Received: by 10.224.68.10 with SMTP id t10mr21097955qai.87.1393547319804;
 Thu, 27 Feb 2014 16:28:39 -0800 (PST)
Received: by 10.140.18.145 with HTTP; Thu, 27 Feb 2014 16:28:39 -0800 (PST)
In-Reply-To: <CAGa2bXb3pA_uy9iGCFkJ1LppDZ3nu8FVKmYSKMN412WykN_nMA@mail.gmail.com>
References: <CAGa2bXYO=Q3pmYKYOt0qudFtzimrXitJoLcB4KZ80MYJ-nJo0A@mail.gmail.com>
	<CAF+90c9umjqfiW3780hPjk_LpbyV=fT2t=bXZxWhiSDN-yuiuA@mail.gmail.com>
	<CAGa2bXZcs-zq7afbY9dqvOcnQ0q1MAC0muO3VNSfxzMnL4_hCg@mail.gmail.com>
	<530C3C7B.8080907@sugarcrm.com>
	<CAGa2bXYyxrLXxT812=s_s7zB+En1mfAJy9du90+Yt7OPZYjdvA@mail.gmail.com>
	<530C77F8.2060809@sugarcrm.com>
	<1393328380.5233.45.camel@guybrush>
	<CAGa2bXbNKxNN-j1LoisnvGsUbxk-6ZqNG87zF3BUg1LEHUYcgw@mail.gmail.com>
	<530DADC7.2070302@lsces.co.uk>
	<CAGa2bXYFBocCPYXZxznWj8-y+O8ME9vHKC4BcG=UQqC6rocRjg@mail.gmail.com>
	<530DDEC6.9010901@lsces.co.uk>
	<CAGa2bXYBqNX8e+sSpoF-AoJCpKY0paQaxMSi0N5rxHOiz1VpQg@mail.gmail.com>
	<CALwr1GkQb94eSmoLO0n4miFcdtkx66A1ytyExsoUWgk_tChN8w@mail.gmail.com>
	<CAGa2bXb3pA_uy9iGCFkJ1LppDZ3nu8FVKmYSKMN412WykN_nMA@mail.gmail.com>
Date: Fri, 28 Feb 2014 01:28:39 +0100
Message-ID: <CAEZPtU7Rr6uuM=-qwsQ1ajqy5fv9dYH3uqKaHn8FkQOwAj2ziQ@mail.gmail.com>
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: =?UTF-8?Q?P=C3=A1draic_Brady?= <padraic.brady@gmail.com>, 
	Lester Caine <lester@lsces.co.uk>, "internals@lists.php.net" <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Resolution for ver_export()/addslashes() encoding based
 script execution attack?
From: pierre.php@gmail.com (Pierre Joye)

hi,


On Fri, Feb 28, 2014 at 12:08 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> P.S. Are we really going to discuss this kind of discussion in public?

Yes, these issues are public anyway. Alone the RFC and these
discussions provide enough information to anyone willing to know or do
more about them.

Cheers,
-- 
Pierre

@pierrejoye | http://www.libgd.org