Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87442 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 66524 invoked from network); 31 Jul 2015 14:53:28 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 31 Jul 2015 14:53:28 -0000 Authentication-Results: pb1.pair.com header.from=nicolas.grekas@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=nicolas.grekas@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.212.171 as permitted sender) X-PHP-List-Original-Sender: nicolas.grekas@gmail.com X-Host-Fingerprint: 209.85.212.171 mail-wi0-f171.google.com Received: from [209.85.212.171] ([209.85.212.171:33253] helo=mail-wi0-f171.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id AA/D3-47755-7EB8BB55 for ; Fri, 31 Jul 2015 10:53:27 -0400 Received: by wicmv11 with SMTP id mv11so61310321wic.0 for ; Fri, 31 Jul 2015 07:53:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=zPkAqDBR6t3Oagu/XS4GXVIGz7JedPJSApXCIeMcKz0=; b=hlKfZzozBU7ajM/4qb9KSFm+OPT1Plfyk34TcCF/7U+7VK8OV83oATpT/SGNSKAh1l e7dDyFXSp0DRD1YUYTStCONmVRA/fsAWvdgAS+fYBqwwbE/qlc6nqoZB4NczgJ8LR8Np i0Qm8Ca5+mJAjlKXXJBZ5XtQf6VcibYUxORwnVH04OhfulhSNnlXqkIaHBhMj40iC+hv ssiS/iQH66kHPOYwbtDoHUvZN0PPCMJz3zOy9TwviXyVg3Nm06NHGFeun7EYevWKckGX Z9fsQ6pMFIU5av6C060OYHJDhlzp32VQYHbuQ3ZddNzohBQJP3hxB2uO0KUA5w4FRmcl Zrow== X-Received: by 10.180.37.33 with SMTP id v1mr7324652wij.88.1438354404738; Fri, 31 Jul 2015 07:53:24 -0700 (PDT) MIME-Version: 1.0 Sender: nicolas.grekas@gmail.com Received: by 10.27.172.10 with HTTP; Fri, 31 Jul 2015 07:53:05 -0700 (PDT) In-Reply-To: References: Date: Fri, 31 Jul 2015 16:53:05 +0200 X-Google-Sender-Auth: XCGx2qQgNF8G0wNcLPoUY9fmImk Message-ID: To: Julien Pauli Cc: PHP Internals Content-Type: multipart/mixed; boundary=e89a8f6476f35b2dad051c2cfb23 Subject: Re: [PHP-DEV] Exposing object handles to userland From: nicolas.grekas+php@gmail.com (Nicolas Grekas) --e89a8f6476f35b2dad051c2cfb23 Content-Type: multipart/alternative; boundary=e89a8f6476f35b2da8051c2cfb21 --e89a8f6476f35b2da8051c2cfb21 Content-Type: text/plain; charset=UTF-8 > I also know people that print_r($an_object) and parse the output just to > extract the object handle from there... Crazy isn't it ? > I plead guilty for doing this, but php let me no better choice for now ;) The attached patch removes the XOR hashing for the object handle (it's useless, the "secret" is trivially guessed after parsing the output of var_dump). It would be awesome if this patch could be applied for php 7.0! Cheers, Nicolas --e89a8f6476f35b2da8051c2cfb21 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

=
I also know people that print_r($an_object) and parse the output just to extract the object handle from there... Crazy isn't it ?

I plead guilty for doing this, but php let me no bett= er choice for now ;)

The attached patch removes the XOR h= ashing for the object handle (it's useless, the "secret" is t= rivially guessed after parsing the output of var_dump).

I= t would be awesome if this patch could be applied for php 7.0!

Cheers,
Nicolas
--e89a8f6476f35b2da8051c2cfb21-- --e89a8f6476f35b2dad051c2cfb23 Content-Type: text/plain; charset=US-ASCII; name="clear-text-handle.diff" Content-Disposition: attachment; filename="clear-text-handle.diff" Content-Transfer-Encoding: base64 X-Attachment-Id: f_icrqyjt60 ZGlmZiAtLWdpdCBhL2V4dC9zcGwvcGhwX3NwbC5jIGIvZXh0L3NwbC9waHBfc3BsLmMKaW5kZXgg ZTg5Y2FhMi4uMGQ4YmU5NyAxMDA2NDQKLS0tIGEvZXh0L3NwbC9waHBfc3BsLmMKKysrIGIvZXh0 L3NwbC9waHBfc3BsLmMKQEAgLTc1NSwyMiArNzU1LDIwIEBAIFBIUF9GVU5DVElPTihzcGxfb2Jq ZWN0X2hhc2gpCiAKIFBIUEFQSSB6ZW5kX3N0cmluZyAqcGhwX3NwbF9vYmplY3RfaGFzaCh6dmFs ICpvYmopIC8qIHt7eyovCiB7Ci0JaW50cHRyX3QgaGFzaF9oYW5kbGUsIGhhc2hfaGFuZGxlcnM7 CisJaW50cHRyX3QgaGFzaF9oYW5kbGVyczsKIAogCWlmICghU1BMX0coaGFzaF9tYXNrX2luaXQp KSB7CiAJCWlmICghQkcobXRfcmFuZF9pc19zZWVkZWQpKSB7CiAJCQlwaHBfbXRfc3JhbmQoKHVp bnQzMl90KUdFTkVSQVRFX1NFRUQoKSk7CiAJCX0KIAotCQlTUExfRyhoYXNoX21hc2tfaGFuZGxl KSAgID0gKGludHB0cl90KShwaHBfbXRfcmFuZCgpID4+IDEpOwogCQlTUExfRyhoYXNoX21hc2tf aGFuZGxlcnMpID0gKGludHB0cl90KShwaHBfbXRfcmFuZCgpID4+IDEpOwogCQlTUExfRyhoYXNo X21hc2tfaW5pdCkgPSAxOwogCX0KIAotCWhhc2hfaGFuZGxlICAgPSBTUExfRyhoYXNoX21hc2tf aGFuZGxlKV4oaW50cHRyX3QpWl9PQkpfSEFORExFX1Aob2JqKTsKIAloYXNoX2hhbmRsZXJzID0g U1BMX0coaGFzaF9tYXNrX2hhbmRsZXJzKV4oaW50cHRyX3QpWl9PQkpfSFRfUChvYmopOwogCi0J cmV0dXJuIHN0cnBwcmludGYoMzIsICIlMDE2bHglMDE2bHgiLCBoYXNoX2hhbmRsZSwgaGFzaF9o YW5kbGVycyk7CisJcmV0dXJuIHN0cnBwcmludGYoMzIsICIlMDE2bHglMDE2bHgiLCAoaW50cHRy X3QpWl9PQkpfSEFORExFX1Aob2JqKSwgaGFzaF9oYW5kbGVycyk7CiB9CiAvKiB9fX0gKi8KIApk aWZmIC0tZ2l0IGEvZXh0L3NwbC9waHBfc3BsLmggYi9leHQvc3BsL3BocF9zcGwuaAppbmRleCAw MTVhZGE0Li5iMjQ1MGNhIDEwMDY0NAotLS0gYS9leHQvc3BsL3BocF9zcGwuaAorKysgYi9leHQv c3BsL3BocF9zcGwuaApAQCAtNjIsNyArNjIsNiBAQCBQSFBfTUlORk9fRlVOQ1RJT04oc3BsKTsK IFpFTkRfQkVHSU5fTU9EVUxFX0dMT0JBTFMoc3BsKQogCXplbmRfc3RyaW5nICphdXRvbG9hZF9l eHRlbnNpb25zOwogCUhhc2hUYWJsZSAgICphdXRvbG9hZF9mdW5jdGlvbnM7Ci0JaW50cHRyX3Qg ICAgIGhhc2hfbWFza19oYW5kbGU7CiAJaW50cHRyX3QgICAgIGhhc2hfbWFza19oYW5kbGVyczsK IAlpbnQgICAgICAgICAgaGFzaF9tYXNrX2luaXQ7CiAJaW50ICAgICAgICAgIGF1dG9sb2FkX3J1 bm5pbmc7CmRpZmYgLS1naXQgYS9leHQvc3BsL3Rlc3RzL3NwbF8wMDUucGhwdCBiL2V4dC9zcGwv dGVzdHMvc3BsXzAwNS5waHB0CmluZGV4IDIxOWM3OTEuLmMxYmZmZTcgMTAwNjQ0Ci0tLSBhL2V4 dC9zcGwvdGVzdHMvc3BsXzAwNS5waHB0CisrKyBiL2V4dC9zcGwvdGVzdHMvc3BsXzAwNS5waHB0 CkBAIC0xMSw3ICsxMSw3IEBAIHZhcl9kdW1wKHNwbF9vYmplY3RfaGFzaCgpKTsKID09PURPTkU9 PT0KIDw/cGhwIGV4aXQoMCk7ID8+CiAtLUVYUEVDVEYtLQotc3RyaW5nKDMyKSAiJXMiCitzdHJp bmcoMzIpICIwMDAwMDAwMDAwMDAwMDAlclsxLTldJXIwMDAwMDAwMCVzIgogCiBXYXJuaW5nOiBz cGxfb2JqZWN0X2hhc2goKSBleHBlY3RzIHBhcmFtZXRlciAxIHRvIGJlIG9iamVjdCwgaW50ZWdl ciBnaXZlbiBpbiAlc3NwbF8wMDUucGhwIG9uIGxpbmUgJWQKIE5VTEwK --e89a8f6476f35b2dad051c2cfb23--