require a specific PHP minor version?

Hi, Due to [0] should we * require a minimum PHP version of 5.3.27 in libraries/common.inc.php for phpMyAdmin 4.4.15? * mention this requirement in our doc? * mention it on the downloads page? The alternative I see, is to remove in time for phpMyAdmin 4.4.15 the phpseclib fix we did for PHP 7 compatibility in phpMyAdmin 4.4.14. However I would prefer to keep this fix in place, because users of PHP 7 would have to upgrade sooner to phpMyAdmin 4.5, which requires PHP 5.5 to 7.0. [0] http://stackoverflow.com/questions/32349895/warning-in-libraries-phpseclib-c... -- Marc Delisle | phpMyAdmin

Hi Dne Sun, 06 Sep 2015 08:27:19 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Due to [0] should we * require a minimum PHP version of 5.3.27 in libraries/common.inc.php for phpMyAdmin 4.4.15?
* mention this requirement in our doc?
* mention it on the downloads page?
Looking at the comments, it might be actually fixed already in 5.3.7. Also it can quite easily happen that Redhat will backport the fix to their version, so the strict version check doesn't seem like a good solution.
The alternative I see, is to remove in time for phpMyAdmin 4.4.15 the phpseclib fix we did for PHP 7 compatibility in phpMyAdmin 4.4.14. However I would prefer to keep this fix in place, because users of PHP 7 would have to upgrade sooner to phpMyAdmin 4.5, which requires PHP 5.5 to 7.0.
What I don't understand is what makes mb_strlen($this->_cookie_iv,'8bit') different from strlen($this->_cookie_iv) in this case.
[0] http://stackoverflow.com/questions/32349895/warning-in-libraries-phpseclib-c...
-- Michal Čihař | http://cihar.com | http://blog.cihar.com

Le 2015-09-07 03:40, Michal Čihař a écrit :
Hi
Dne Sun, 06 Sep 2015 08:27:19 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Due to [0] should we * require a minimum PHP version of 5.3.27 in libraries/common.inc.php for phpMyAdmin 4.4.15?
* mention this requirement in our doc?
* mention it on the downloads page?
Looking at the comments, it might be actually fixed already in 5.3.7. Also it can quite easily happen that Redhat will backport the fix to their version, so the strict version check doesn't seem like a good solution.
We could try to find out the exact PHP version. My point is that we should not just require a minimum version of PHP 5.3, as this is not true. It affects not just Redhat users but all users having PHP between 5.3.0 and, say, 5.3.7.
The alternative I see, is to remove in time for phpMyAdmin 4.4.15 the phpseclib fix we did for PHP 7 compatibility in phpMyAdmin 4.4.14. However I would prefer to keep this fix in place, because users of PHP 7 would have to upgrade sooner to phpMyAdmin 4.5, which requires PHP 5.5 to 7.0.
What I don't understand is what makes mb_strlen($this->_cookie_iv,'8bit') different from strlen($this->_cookie_iv) in this case.
The stackoverflow question reports three warnings, and the mb_strlen() fix was only for one of the warnings. I am not sure either why the fix works (looks like some unexpected characters were in the cookie-stored IV. The PHP version issue is the explanation for the two other warnings.
[0] http://stackoverflow.com/questions/32349895/warning-in-libraries-phpseclib-c...
_______________________________________________ Developers mailing list Developers@phpmyadmin.net https://lists.phpmyadmin.net/mailman/listinfo/developers
-- Marc Delisle | phpMyAdmin

Dne Mon, 07 Sep 2015 08:10:41 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Le 2015-09-07 03:40, Michal Čihař a écrit :
Hi
Dne Sun, 06 Sep 2015 08:27:19 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Due to [0] should we * require a minimum PHP version of 5.3.27 in libraries/common.inc.php for phpMyAdmin 4.4.15?
* mention this requirement in our doc?
* mention it on the downloads page?
Looking at the comments, it might be actually fixed already in 5.3.7. Also it can quite easily happen that Redhat will backport the fix to their version, so the strict version check doesn't seem like a good solution.
We could try to find out the exact PHP version. My point is that we should not just require a minimum version of PHP 5.3, as this is not true. It affects not just Redhat users but all users having PHP between 5.3.0 and, say, 5.3.7.
But looking at version string is still bad idea here - if Redhat will fix this, their version will be still called 5.3.3, it will just have applied patch which fixes this particular issue.
What I don't understand is what makes mb_strlen($this->_cookie_iv,'8bit') different from strlen($this->_cookie_iv) in this case.
The stackoverflow question reports three warnings, and the mb_strlen() fix was only for one of the warnings. I am not sure either why the fix works (looks like some unexpected characters were in the cookie-stored IV.
This would be then incompatibility which could bite users on other systems as well, though nothing really problematic... -- Michal Čihař | http://cihar.com | http://blog.cihar.com

Le 2015-09-07 08:38, Michal Čihař a écrit :
Dne Mon, 07 Sep 2015 08:10:41 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Le 2015-09-07 03:40, Michal Čihař a écrit :
Hi
Dne Sun, 06 Sep 2015 08:27:19 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Due to [0] should we * require a minimum PHP version of 5.3.27 in libraries/common.inc.php for phpMyAdmin 4.4.15?
* mention this requirement in our doc?
* mention it on the downloads page?
Looking at the comments, it might be actually fixed already in 5.3.7. Also it can quite easily happen that Redhat will backport the fix to their version, so the strict version check doesn't seem like a good solution.
We could try to find out the exact PHP version. My point is that we should not just require a minimum version of PHP 5.3, as this is not true. It affects not just Redhat users but all users having PHP between 5.3.0 and, say, 5.3.7.
But looking at version string is still bad idea here - if Redhat will fix this, their version will be still called 5.3.3, it will just have applied patch which fixes this particular issue.
How about just mentioning it just on the downloads page and the doc then?
What I don't understand is what makes mb_strlen($this->_cookie_iv,'8bit') different from strlen($this->_cookie_iv) in this case.
The stackoverflow question reports three warnings, and the mb_strlen() fix was only for one of the warnings. I am not sure either why the fix works (looks like some unexpected characters were in the cookie-stored IV.
This would be then incompatibility which could bite users on other systems as well, though nothing really problematic...
-- Marc Delisle | phpMyAdmin

Dne Mon, 07 Sep 2015 10:29:42 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Le 2015-09-07 08:38, Michal Čihař a écrit :
Dne Mon, 07 Sep 2015 08:10:41 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Le 2015-09-07 03:40, Michal Čihař a écrit :
Hi
Dne Sun, 06 Sep 2015 08:27:19 -0400 Marc Delisle <marc@infomarc.info> napsal(a):
Due to [0] should we * require a minimum PHP version of 5.3.27 in libraries/common.inc.php for phpMyAdmin 4.4.15?
* mention this requirement in our doc?
* mention it on the downloads page?
Looking at the comments, it might be actually fixed already in 5.3.7. Also it can quite easily happen that Redhat will backport the fix to their version, so the strict version check doesn't seem like a good solution.
We could try to find out the exact PHP version. My point is that we should not just require a minimum version of PHP 5.3, as this is not true. It affects not just Redhat users but all users having PHP between 5.3.0 and, say, 5.3.7.
But looking at version string is still bad idea here - if Redhat will fix this, their version will be still called 5.3.3, it will just have applied patch which fixes this particular issue.
How about just mentioning it just on the downloads page and the doc then?
Sounds good enough. -- Michal Čihař | http://cihar.com | http://blog.cihar.com
participants (2)
-
Marc Delisle
-
Michal Čihař