Electronics & Programming

develissimo

Open Source electronics development and programming


#1 Feb. 1, 2005 19:26:52

Andi G.
Registered: 2009-11-02

[PHP-DEV] PHP 5.1


Hey,

I just heard from Wez that PDO is in very advanced stages now (ready for beta).

I would like to start the PHP 5.1 release process. Due to the lack of
testing both the new engine VM and PDO have received I would like to start
with a beta process so that we get feedback.

I know there are still some fixes that need to be applied both in the
engine and in extensions so I would like to release a beta on March 1st (a
month from today).

Derick also mentioned that his new very much needed Date
extension will be ready by that date.

I believe both PDO and Date should be included in the default distro. As
far as PDO is concerned I think for each DB if it is selected at configure
time, the relevant PDO extension should also be enabled. So doing
--with-oci8 should enable both ext/oci8 and ext/pdo_oci. This will give
users more of a choice, give more exposure to PDO which is one of the most
important features of 5.1 and of course, it doesn't really cost us very
much except for having to do some configure hacking.

Comments/Flames/Praises to this list :)

Andi

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php


#2 Feb. 1, 2005 20:21:17

Stephan S.
Registered: 2009-11-02


Hi,

Andi Gutmans wrote:
> I believe both PDO and Date should be included in the default distro.

I'd like to see xmlreader be bundled as well. It's fast, easy to use and
still very powerful.

Stephan
--
http://www.php-tools.net
http://www.schst.net
http://pear.php.net

#3 Feb. 1, 2005 20:26:17

George S.
Registered: 2009-11-02


On Feb 1, 2005, at 3:20 PM, Stephan Schmidt wrote:
> Hi,
>
> Andi Gutmans wrote:
>> I believe both PDO and Date should be included in the default distro.
>
> I'd like to see xmlreader be bundled as well. It's fast, easy to use
> and still very powerful.

+1

George

#4 Feb. 1, 2005 20:58:13

Andi G.
Registered: 2009-11-02


Don't see a problem with that if it's release quality.

Andi

At 09:20 PM 2/1/2005 +0100, Stephan Schmidt wrote:
> Hi,
>
> Andi Gutmans wrote:
>> I believe both PDO and Date should be included in the default distro.
>
> I'd like to see xmlreader be bundled as well. It's fast, easy to use and
> still very powerful.
>
> Stephan
> --
> http://www.php-tools.net
> http://www.schst.net
> http://pear.php.net

#5 Feb. 1, 2005 22:11:34

Rasmus L.
Registered: 2009-11-02


Andi Gutmans wrote:
> I believe both PDO and Date should be included in the default distro. As
> far as PDO is concerned I think for each DB if it is selected at
> configure time, the relevant PDO extension should also be enabled. So
> doing --with-oci8 should enable both ext/oci8 and ext/pdo_oci. This will
> give users more of a choice, give more exposure to PDO which is one of
> the most important features of 5.1 and of course, it doesn't really cost
> us very much except for having to do some configure hacking.

If I can get off my ass and get it finished up it would be good to get a
default input filtering extension in there as well. We have not done
much to help people do proper input validation and although the hook for
it is in 5.0 I doubt anybody has actually used it yet. I'll try to get
it into PECL in the next week or so for people to have a look.

-Rasmus

#6 Feb. 1, 2005 22:29:38

Andi G.
Registered: 2009-11-02


As time is very short, I suggest we discuss exactly what we want and then
see if it's possible in a 5.1 time frame.

Can you give a short overview of what you had in mind and how the end-user
would be using the functionality?

Thanks,
Andi

At 02:10 PM 2/1/2005 -0800, Rasmus Lerdorf wrote:
> Andi Gutmans wrote:
>> I believe both PDO and Date should be included in the default distro. As
>> far as PDO is concerned I think for each DB if it is selected at
>> configure time, the relevant PDO extension should also be enabled. So
>> doing --with-oci8 should enable both ext/oci8 and ext/pdo_oci. This will
>> give users more of a choice, give more exposure to PDO which is one of
>> the most important features of 5.1 and of course, it doesn't really cost
>> us very much except for having to do some configure hacking.
>
> If I can get off my ass and get it finished up it would be good to get a
> default input filtering extension in there as well. We have not done much
> to help people do proper input validation and although the hook for it is
> in 5.0 I doubt anybody has actually used it yet. I'll try to get it into
> PECL in the next week or so for people to have a look.
>
> -Rasmus

#7 Feb. 1, 2005 22:42:10

Rasmus L.
Registered: 2009-11-02


Andi Gutmans wrote:
> As time is very short, I suggest we discuss exactly what we want and
> then see if it's possible in a 5.1 time frame.
>
> Can you give a short overview of what you had in mind and how the
> end-user would be using the functionality?

Well, I am not starting from scratch here. I have code, it just needs a
bit of polishing.

But the general idea is to provide an optional filter that people can
enable in their ini file. This will strip out any XSS, quotes, braces,
etc. The actual list will need to be massaged a bit, and there will be
multiple filters so people can choose how strict to be by default.

At the same time a filter access function is provided.

e.g.

  $age = pfilter(POST, 'age', FILTER_DIGITS);
  $addr = pfilter(POST, 'addr', FILTER_ALNUM);
  $body = pfilter(REQUEST, 'body', FILTER_TAGS);
  $raw = pfilter(COOKIE, 'cook', FILTER_RAW);

We obviously can't turn on the input filter by default, but even without
the default filter enabled, providing a set of input filters for people
to use so they don't have to come up with complicated regular
expressions to check user input will go a long way to make it easier for
people to write safer applications. Even people who actually take the
step to do input validation tend to get the validation wrong as we have
seen in a number of recent examples.

-Rasmus

#8 Feb. 1, 2005 22:45:20

Christian S.
Registered: 2009-11-02


On 1.2.2005 at 21:20, Stephan Schmidt wrote:
> Hi,
>
> Andi Gutmans wrote:
>> I believe both PDO and Date should be included in the default distro.
>
> I'd like to see xmlreader be bundled as well. It's fast, easy to use and
> still very powerful.

Very big +1 from me on that as well. XMLReader needs to be bundled, it's
far superior to sax aka ext/xml and widespread use won't hurt (but
that's just my 2 cents).

And Rob is working on better error reporting for the different XML
classes. I have no idea how "finished" that is. But we need that in
5.1 as well (I already told everyone that 5.1 will have better error
reporting ;) ). He can certainly tell you better how far he is with that.

chregu

> Stephan

--
christian stocker | Bitflux GmbH | schoeneggstrasse 5 | ch-8004 zurich
phone +41 1 240 56 70 | mobile +41 76 561 88 60 | fax +41 1 240 56 71
http://www.bitflux.ch | | gnupg-keyid 0x5CE1DECB

#9 Feb. 1, 2005 23:12:10

Christian S.
Registered: 2009-11-02


Rasmus Lerdorf wrote:
> But the general idea is to provide an optional filter that people can
> enable in their ini file. This will strip out any XSS, quotes, braces,

I assume this will include PHP functions to do the filtering as well?
(Forgive me if we already have this now, I haven't looked at 5.0 enough
yet :-))

> $age = pfilter(POST, 'age', FILTER_DIGITS);
> $addr = pfilter(POST, 'addr', FILTER_ALNUM);
> $body = pfilter(REQUEST, 'body', FILTER_TAGS);
> $raw = pfilter(COOKIE, 'cook', FILTER_RAW);

Sounds like a good idea (even though the name pfilter reminds me too
much of packet filter :-)). A catch-all could be handy too, e.g.

  pfilter(REQUEST, DEFAULT, FILTER_TAGS);

which filters anything not handled before. Surely you can come up with a
better interface but I hope you get the idea. Being able to define a
default filter but still override it for certain variables is what I
mean. (Also important would be that FILTER_TAGS is more robust than
strip_tags which has some loopholes IIRC)

I agree that making input validation (or filtering) easy is important to
help people write safer code. I once wrote a validator in PHP which
allowed me to specify allowable tags including attributes and regular
expressions for the attribute values but it required the input to be
XML/XHTML which might be a bit too harsh for most people.

A bit off-topic: I'm sure variable tainting has been discussed before,
can someone give the final opinion, was it found unsuitable/too much
work/too inefficient or was it just postponed (maybe indefinitely)?

- Chris

#10 Feb. 1, 2005 23:22:02

Rasmus L.
Registered: 2009-11-02


Christian Schneider wrote:
> Rasmus Lerdorf wrote:
>> But the general idea is to provide an optional filter that people can
>> enable in their ini file. This will strip out any XSS, quotes, braces,
>
> I assume this will include PHP functions to do the filtering as well?
> (Forgive me if we already have this now, I haven't looked at 5.0 enough
> yet :-))

Right, a function to filter user data through any of the filters will be
provided as well.

>> $age = pfilter(POST, 'age', FILTER_DIGITS);
>> $addr = pfilter(POST, 'addr', FILTER_ALNUM);
>> $body = pfilter(REQUEST, 'body', FILTER_TAGS);
>> $raw = pfilter(COOKIE, 'cook', FILTER_RAW);
>
> Sounds like a good idea (even though the name pfilter reminds me too
> much of packet filter :-)). A catch-all could be handy too, e.g.
>
>   pfilter(REQUEST, DEFAULT, FILTER_TAGS);

I just made up the pfilter name. I really don't care what it is called.
Figured filter() was a bit too generic and likely to step on existing
user-space functions out there.

> which filters anything not handled before. Surely you can come up with a
> better interface but I hope you get the idea. Being able to define a
> default filter but still override it for certain variables is what I
> mean. (Also important would be that FILTER_TAGS is more robust than
> strip_tags which has some loopholes IIRC)

strip_tags only has loopholes if you allow some tags through. But yes,
this would be a very strict get rid of all tags filter and it needs to
be charset aware.

> A bit off-topic: I'm sure variable tainting has been discussed before,
> can someone give the final opinion, was it found unsuitable/too much
> work/too inefficient or was it just postponed (maybe indefinitely)?

It is really hard to do this correctly. Most user data in a web app is
multi-purpose in the sense that it is often both displayed and inserted
into a database, for example. The untaint rules are vastly different
for these two purposes. Throw in a few more and you have a mess on your
hands. Just because you untainted it for one purpose doesn't mean it is
safe for another, so I don't really see how a single taint flag can be
all that effective. I would rather see a context-specific access function
that retrieves the data for a specific purpose. In this case
implemented by calling pfilter with a given filter.

And just to clarify, since I added the hook to do this long ago, there
aren't actually any PHP changes needed. It can be completely handled in
a pecl extension. It just becomes a matter of whether/when to include
it with PHP.

-Rasmus
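The argument in post #10, that data accepted once on input still needs separate handling for each place it is used, is shown here as an added example that is not code from the thread. It uses filter_var() from PHP's filter extension (bundled since PHP 5.2) in place of the proposed pfilter(); fetch_input(), the $rules table and the sample $_POST values are hypothetical, PHP 7.4 or later is assumed, and pdo_sqlite is assumed to be available.

```php
<?php
// Added illustration, not code from the thread. fetch_input() and $rules are
// hypothetical names; $_POST holds constructed sample data.
$_POST = [
    'age'   => '42',
    'addr'  => "12 O'Hara St <script>alert(1)</script>",
    'extra' => "a\x00b",
];

// Per-key rules plus a catch-all default (the override idea from post #9).
$rules = [
    'age'     => fn($v) => filter_var($v, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 0, 'max_range' => 150]]),
    'DEFAULT' => fn($v) => preg_match('/^[^\x00-\x1F\x7F]{1,200}$/', $v) ? $v : false,
];

// Validate on the way in: returns the accepted value, or false if rejected.
function fetch_input(array $src, string $key, array $rules)
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return false;
    }
    $rule = $rules[$key] ?? $rules['DEFAULT'];
    return $rule($src[$key]);
}

$age   = fetch_input($_POST, 'age', $rules);   // strict integer rule
$addr  = fetch_input($_POST, 'addr', $rules);  // accepted as text, yet unsafe to
                                               // paste raw into SQL or HTML
$extra = fetch_input($_POST, 'extra', $rules); // NUL byte fails the default rule

// Sink 1, SQL: bound parameters carry the value; no escaping by hand.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person (age INTEGER, addr TEXT)');
$db->prepare('INSERT INTO person (age, addr) VALUES (?, ?)')
   ->execute([$age, $addr]);
$stored = $db->query('SELECT addr FROM person')->fetchColumn();

// Sink 2, HTML: encode at output time, for the HTML context only.
$html = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

var_dump($age, $extra, $stored === $addr);
echo $html, "\n";
```

The address is stored byte for byte through the bound parameter and is only encoded when it is written into HTML, so neither sink relies on a one-time "untainted" flag set at input.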
