#48757 [NEW]: ReflectionFunction::invoke() parameter issues
From: phi...@php.net Operating system: Mac PHP version: 5.3.0 PHP Bug Type: Reflection related Bug description: ReflectionFunction::invoke() parameter issues Description: ReflectionFunction::invoke() now requires a parameter, whereas in 5.2 it does not. -- Edit bug report at http://bugs.php.net/?id=48757&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=48757&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=48757&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=48757&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=48757&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=48757&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=48757&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=48757&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=48757&r=needscript Try newer version: http://bugs.php.net/fix.php?id=48757&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=48757&r=support Expected behavior: http://bugs.php.net/fix.php?id=48757&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=48757&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=48757&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=48757&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=48757&r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=48757&r=dst IIS Stability: http://bugs.php.net/fix.php?id=48757&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=48757&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=48757&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=48757&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=48757&r=mysqlcfg
#49923 [NEW]: get_defined_constants() BC break
From: phi...@php.net Operating system: Mac OS X 10.6 PHP version: 5.3SVN-2009-10-19 (snap) PHP Bug Type: Variables related Bug description: get_defined_constants() BC break Description: I expected 'internal' and not 'Core' to be the index for internal core constants. This apparently changed in PHP 5.3.0, yet is not in NEWS or documented. Please clarify the situation, as this may have been an unintentional change and BC break. Related: PHP bug #49223 Reproduce code: --- http://bugs.php.net/?id=49923&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=49923&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=49923&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=49923&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=49923&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=49923&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=49923&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=49923&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=49923&r=needscript Try newer version: http://bugs.php.net/fix.php?id=49923&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=49923&r=support Expected behavior: http://bugs.php.net/fix.php?id=49923&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=49923&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=49923&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=49923&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=49923&r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=49923&r=dst IIS Stability: http://bugs.php.net/fix.php?id=49923&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=49923&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=49923&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=49923&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=49923&r=mysqlcfg
#46582 [NEW]: curl enabled PHP segfaulting with OpenSSL
From: [EMAIL PROTECTED] Operating system: Ubuntu PHP version: 5.3.0alpha2 PHP Bug Type: cURL related Bug description: curl enabled PHP segfaulting with OpenSSL Description: This segfault only exists when PHP is compiled with Curl support. However, Curl is not being called when generating the segfault. Also, this happens only when libcurl has OpenSSL support but no segfault exists with GnuTLS support. The following bug is heavily related: http://bugs.php.net/bug.php?id=40926 But it's labeled as pgsql centric, so this is an attempt to make this a known Curl + OpenSSL bug. Please feel free to relabel these bugs where they belong. The configure line is: ./configure --enable-debug --with-curl --with-apxs2=/usr/bin/apxs2 --prefix=/home/user/php Curl information: cURL Information => libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1 And for good measure, when Curl is compiled against the following there is no segfault: cURL Information => libcurl/7.18.0 GnuTLS/2.0.4 zlib/1.2.3.3 libidn/1.1 Reproduce code: --- The exact code, in this case, is a simple svn call: http://phpminadmin.svn.sourceforge.net/svnroot/phpminadmin/trunk/index.php'; $blame = svn_blame($url); print_r($blame); Expected result: No segfault Actual result: -- The code "works", but the core is dumped with the following backtrace: (gdb) bt #0 0xb73f7fb0 in ?? () #1 0xb7c6e1bd in ?? () from /usr/lib/i686/cmov/libcrypto.so.0.9.8 #2 0xb7c6f98a in ERR_free_strings () from /usr/lib/i686/cmov/libcrypto.so.0.9.8 #3 0xb7e8c487 in ?? () from /usr/lib/libcurl.so.4 #4 0xb7ea00a0 in ?? () from /usr/lib/libcurl.so.4 #5 0xb7e95733 in curl_global_cleanup () from /usr/lib/libcurl.so.4 #6 0x08085c2b in zm_shutdown_curl (type=1, module_number=23) at /home/user/php/php-5.3.0alpha2/ext/curl/interface.c:687 #7 0x082c1f4e in module_destructor (module=0x860cfb8) at /home/user/php/php-5.3.0alpha2/Zend/zend_API.c:2073 #8 0x082c93b8 in zend_hash_apply_deleter (ht=0x1, p=0x860cf88) at /home/user/php/php-5.3.0alpha2/Zend/zend_hash.c:611 #9 0x082c95f8 in zend_hash_graceful_reverse_destroy (ht=0x85d1be0) at /home/user/php/php-5.3.0alpha2/Zend/zend_hash.c:646 #10 0x082be87e in zend_shutdown () at /home/user/php/php-5.3.0alpha2/Zend/zend.c:768 #11 0x0826cddf in php_module_shutdown () at /home/user/php/php-5.3.0alpha2/main/main.c:1955 #12 0x0834561e in main (argc=2, argv=0xbfc859e4) at /home/user/php/php-5.3.0alpha2/sapi/cli/php_cli.c:1325 -- Edit bug report at http://bugs.php.net/?id=46582&edit=1 -- Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=46582&r=trysnapshot52 Try a CVS snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=46582&r=trysnapshot53 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=46582&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=46582&r=fixedcvs Fixed in CVS and need be documented: http://bugs.php.net/fix.php?id=46582&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=46582&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=46582&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=46582&r=needscript Try newer version: http://bugs.php.net/fix.php?id=46582&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=46582&r=support Expected behavior: http://bugs.php.net/fix.php?id=46582&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=46582&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=46582&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=46582&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=46582&r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=46582&r=dst IIS Stability: http://bugs.php.net/fix.php?id=46582&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=46582&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=46582&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=46582&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=46582&r=mysqlcfg
#50562 [NEW]: FILTER_VALIDATE_URL is broken
From: phi...@php.net Operating system: N/A PHP version: 5.3.2RC1 PHP Bug Type: Filter related Bug description: FILTER_VALIDATE_URL is broken Description: While attempting to use FILTER_VALIDATE_URL, I notice it gets negative press. Here's one such piece of press: http://www.talkincode.com/php-filter-filter_validate_url-limitations- 124.html Ideally FILTER_VALIDATE_URL would behave as most would expect, and that's checking if an URL is valid... as most people do with long-ish regular expressions. Please also provide tips for how this should be documented. -- Edit bug report at http://bugs.php.net/?id=50562&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=50562&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=50562&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=50562&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=50562&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=50562&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=50562&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=50562&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=50562&r=needscript Try newer version: http://bugs.php.net/fix.php?id=50562&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=50562&r=support Expected behavior: http://bugs.php.net/fix.php?id=50562&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=50562&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=50562&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=50562&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50562&r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=50562&r=dst IIS Stability: http://bugs.php.net/fix.php?id=50562&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=50562&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=50562&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=50562&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=50562&r=mysqlcfg
#50563 [NEW]: removing E_WARNING from parse_url()
From: phi...@php.net Operating system: N/A PHP version: 5.3.2RC1 PHP Bug Type: URL related Bug description: removing E_WARNING from parse_url() Description: parse_url() does not need to emit an E_WARNING upon failure, as instead it returns false. Doing both basically requires people to use @. -- Edit bug report at http://bugs.php.net/?id=50563&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=50563&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=50563&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=50563&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=50563&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=50563&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=50563&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=50563&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=50563&r=needscript Try newer version: http://bugs.php.net/fix.php?id=50563&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=50563&r=support Expected behavior: http://bugs.php.net/fix.php?id=50563&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=50563&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=50563&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=50563&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50563&r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=50563&r=dst IIS Stability: http://bugs.php.net/fix.php?id=50563&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=50563&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=50563&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=50563&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=50563&r=mysqlcfg
[PHP-BUG] Bug #51277 [NEW]: google translate issues
From: philip Operating system: Irrelevant PHP version: Irrelevant Package: Online Doc Editor problem Bug Type: Bug Bug description:google translate issues Description: The google translation has a few bugs, some I noticed today. Do we have much control over this? This: --with-mysql Turned into: - with-mysql This: & Turned into: & This: 1 Turned into (adding spaces is common within all tags, not just this): 1 This: &example.outputs; Turned into: & Example.outputs; This: Compound Types Turned into (removed , weird): The removal of seems common but does not always occur, However, another: This: Creating a array zval Turned into: This: ]]> Turned into (but not always): ] ]> -- Edit bug report at http://bugs.php.net/bug.php?id=51277&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=51277&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=51277&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=51277&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=51277&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=51277&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=51277&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=51277&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=51277&r=needscript Try newer version: http://bugs.php.net/fix.php?id=51277&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=51277&r=support Expected behavior: http://bugs.php.net/fix.php?id=51277&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=51277&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=51277&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=51277&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51277&r=php4 Daylight Savings:http://bugs.php.net/fix.php?id=51277&r=dst IIS Stability: http://bugs.php.net/fix.php?id=51277&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=51277&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=51277&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=51277&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=51277&r=mysqlcfg
Bug #51436 [PATCH]: LCG entropy fix insufficient, uniqid leaks entropy, leads to weak session IDs
Edit report at http://bugs.php.net/bug.php?id=51436&edit=1 ID: 51436 Patch added by: phi...@php.net Reported by: andreas at andreas dot org Summary: LCG entropy fix insufficient, uniqid leaks entropy, leads to weak session IDs Status: Open Type: Bug Package: *Encryption and hash functions Operating System: all PHP Version: 5.3.2 New Comment: The following patch has been added/updated: Patch Name: session_entropy_docs_php_ini_default_off_still Revision: 1270003407 URL: http://bugs.php.net/patch-display.php?bug=51436&patch=session_entropy_docs_php_ini_default_off_still&revision=1270003407 Previous Comments: [2010-03-31 01:08:13] phi...@php.net Regarding session.entropy_file and session.entropy_length, please clarify this topic a bit and ideally include an example for Windows users. I see words like ksecdd.sys and CryptoAPI but am unsure how these might apply to session.entropy_file. And, what are the downsides of using these options... performance? [2010-03-30 20:19:27] paj...@php.net On a related note, we should document session.entropy-file in a better way. Maybe this page should be a good place to inform the users about this setting and why it should always be used: http://www.php.net/manual/en/session.installation.php Thanks Rasmus for the notice. [2010-03-30 12:38:31] andreas at andreas dot org Description: PHP utilizes a cryptographically weak random number generator to produce session ID information. Additionally, not enough entropy is used for the initial seeding of the RNG, and some of the entropy can leak by careless use of the uniqid() PHP function. Under certain circumstances, these individual weaknesses interact and reduce the number of possible values of a PHP session ID so much that exhaustive search for a valid session ID against the web server becomes feasible. I suggest to make sure that a cryptographically secure RNG is used for session ID generation, sufficient entropy is used to seed the RNG, and to change the uniqid() function to always return a hashed value. A complete discussion of why I think the code is vulnerable, including estimates on the attack effort, is available from http://berlin.ccc.de/~andreas/php-entropy-advisory.txt -- Edit this bug report at http://bugs.php.net/bug.php?id=51436&edit=1
[PHP-BUG] Bug #53161 [NEW]: iconv + openssl + mac = make fail
From: philip Operating system: Mac OS X PHP version: 5.3.3 Package: Compile Failure Bug Type: Bug Bug description:iconv + openssl + mac = make fail Description: Building with iconv on Mac has been an issue for years. Several bug reports elude to this problem, or morphed into it, but the problem still exists today. Probably different, but it's still here. This may only be a symptom of a larger problem, but I've finally concluded that building with iconv support is incompatible with --with-openssl on Mac. Here are my configure/make tests: Configure #1 (no iconv) ./configure --disable-all Make #1 (success) ... Configure #2 (includes iconv) ./configure --with-libxml-dir=/Users/philip/devel/libxml-274/ Make #2 (success) ... Configure #3 (includes iconv) ./configure --with-libxml-dir=/Users/philip/devel/libxml-274/ --with-openssl Make #3 (fail) gi/fastcgi.o main/internal_functions.o -lresolv -liconv -lm -lxml2 -lz -liconv -lm -lssl -lcrypto -lz -lxml2 -lz -liconv -lm -lxml2 -lz -liconv -lm -lxml2 -lz -liconv -lm -lxml2 -lz -liconv -lm -lxml2 -lz -liconv -lm -o sapi/cgi/php-cgi Undefined symbols: "_iconv_close", referenced from: __php_iconv_strlen in iconv.o _php_iconv_string in iconv.o _php_iconv_string in iconv.o __php_iconv_strpos in iconv.o __php_iconv_mime_decode in iconv.o __php_iconv_mime_decode in iconv.o __php_iconv_mime_decode in iconv.o _zif_iconv_substr in iconv.o _zif_iconv_substr in iconv.o _php_iconv_stream_filter_dtor in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o "_iconv", referenced from: __php_iconv_strlen in iconv.o _php_iconv_string in iconv.o _php_iconv_string in iconv.o __php_iconv_strpos in iconv.o __php_iconv_appendl in iconv.o __php_iconv_appendl in iconv.o _zif_iconv_substr in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o _php_iconv_stream_filter_append_bucket in iconv.o _php_iconv_stream_filter_append_bucket in iconv.o _php_iconv_stream_filter_append_bucket in iconv.o (maybe you meant: _iconv_functions, _zif_iconv_mime_decode , _zif_iconv_substr , _zif_iconv_strlen , _zif_iconv_strpos , _zif_ob_iconv_handler , _iconv_module_entry , _iconv_globals , _zif_iconv_mime_encode , _zif_iconv_get_encoding , _php_iconv_string , _zif_iconv_mime_decode_headers , cstring=ob_iconv_handler , _php_if_iconv , _zif_iconv_set_encoding , _zif_iconv_strrpos ) "_iconv_open", referenced from: __php_iconv_strlen in iconv.o _php_iconv_string in iconv.o __php_iconv_strpos in iconv.o __php_iconv_mime_decode in iconv.o __php_iconv_mime_decode in iconv.o _zif_iconv_substr in iconv.o _zif_iconv_substr in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o _php_iconv_stream_filter_factory_create in iconv.o ld: symbol(s) not found collect2: ld returned 1 exit status make: *** [sapi/cgi/php-cgi] Error 1 Configure #4 (includes iconv) ./configure --disable-all --with-openssl --with-iconv Make #4 (fail) Zend/zend_execute.o sapi/cgi/cgi_main.o sapi/cgi/fastcgi.o main/internal_functions.o -lresolv -liconv -liconv -lm -lssl -lcrypto -lz -o sapi/cgi/php-cgi Undefined symbols: "_iconv_close", referenced from: __php_iconv_strlen in iconv.o _php_iconv_string in iconv.o _php_iconv_string in iconv.o __php_iconv_strpos in iconv.o __php_iconv_mime_decode in iconv.o __php_iconv_mime_decode in iconv.o __php_iconv_mime_decode in iconv.o _zif_iconv_substr in iconv.o _zif_iconv_substr in iconv.o _php_iconv_stream_filter_dtor in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o "_iconv_open", referenced from: __php_iconv_strlen in iconv.o _php_iconv_string in iconv.o __php_iconv_strpos in iconv.o __php_iconv_mime_decode in iconv.o __php_iconv_mime_decode in iconv.o _zif_iconv_substr in iconv.o _zif_iconv_substr in iconv.o _zif_iconv_mime_encode in iconv.o _zif_iconv_mime_encode in iconv.o _php_iconv_stream_filter_factory_create in iconv.o ld
