Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:90978 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 49650 invoked from network); 27 Jan 2016 12:34:34 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 27 Jan 2016 12:34:34 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.171 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.160.171 mail-yk0-f171.google.com Received: from [209.85.160.171] ([209.85.160.171:33105] helo=mail-yk0-f171.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id A0/A8-28185-959B8A65 for ; Wed, 27 Jan 2016 07:34:33 -0500 Received: by mail-yk0-f171.google.com with SMTP id k129so7811709yke.0 for ; Wed, 27 Jan 2016 04:34:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc:content-type; bh=pMIRkI/nRBETcPzn1MqDbjTnMjCbXuVKzKNoeZBlbH8=; b=EVvPv83R1G7lQU/2lDjlP11WXvsCqOTiQYdNgeYvW8ie2s1m3VsHZ/9mtskXn5ahle sytTIDiPi8474zKy+wce7ySX0Q5W7YBlbF17k7NTgSlHXAZAKU4Eg65tZoc6L4AnFrwI vFETg5xdLr/SwJQvJAYwzDoTTRE60rJyhaT5KlwrydzL3t9jcESWXRZSHLqoxjADiHVL HMLzGGhiwg2jskq5D9E/oWdPTKxfD+XPiT7T0IYw+Hg6BfQfS8XXUmSHm1SyrK26zYce Pxn0rfupXaEslxYduazbuNSDTDwiXd/VoW0rj6qCABj7IolnjWyFLWSXd4IZUNU7g7Qe fbGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc:content-type; bh=pMIRkI/nRBETcPzn1MqDbjTnMjCbXuVKzKNoeZBlbH8=; b=av9yzQ9+1/SxY/NMEdSMKJk5WnJ8uMtvChPz5YynvJeaep2No7zGkZt5A+eIs1eiza Zv9orl2W82T2R/5hEWoXCsYGwGa/532K9Sbl5hd4buUF82/5wPIIXlARYV5wZjhOICgQ AcXdvP9qxmZaK/AR3btJUqhyZgcLt5L1zBhca65IYnEHjnYN3yHRJu7x3i1NApqQ0j92 Pyhjtib/8UR8uXIGBQTgznzhA0cPpssanN2l9uduR1cNwZ4Mz6TOO97OXIMvBfnBqBph 7zX3CM3GTbLwKkC4MtCgbb43jlixy7eiXMn1IfOVL8J1WGo6J7l7BlMVMZ0WYHNMthEe zxyw== X-Gm-Message-State: AG10YOSjmedmbZ9UbQ1BQMs2LQCcHEZqNUxXidqTTctQyujYZmvi6y1DigLm6A1MXS6OCapWqX2NKICYV/+thg== X-Received: by 10.129.128.193 with SMTP id q184mr7346868ywf.220.1453898070754; Wed, 27 Jan 2016 04:34:30 -0800 (PST) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.129.88.139 with HTTP; Wed, 27 Jan 2016 04:33:51 -0800 (PST) In-Reply-To: References: <9D.00.64206.7C430A65@pb1.pair.com> <0D.E3.12955.15522A65@pb1.pair.com> Date: Wed, 27 Jan 2016 21:33:51 +0900 X-Google-Sender-Auth: WnOtUUkQJS0rQo00QjlXUxdR4N0 Message-ID: To: Pierre Joye Cc: Julien Pauli , PHP internals , Umberto Salsi , Daniel Lowrey Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Severe safety fail in file access and stream filters From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi Pierre, On Tue, Jan 26, 2016 at 8:38 PM, Pierre Joye wrote: > I totally agree with you here. I agree with Julien, too. > > The same applies imho to the session (about the other rfc targetting 7.1 or > other). I can understand your opinion for session RFC you've mentioned. The problem is a little more complex because it related to security/stability of session... BTW, I don't think we need complete rewrite for session. It would not differ much as new one should have state management because of user save handlers anyway. Session module has many issues, but fundamental design is good enough. It's just missing some critical parts, needs some cleanups. IMHO. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net