Hello Craig,

Very well written RFC, good job!

Others have said it already, but here are my thoughts. Many moons ago,
I was on this way as well and the filter extension came out. As it
fits for some projects, the actual gains were very far, to say the
least, from what I would have expected.

For quite some time now, my thinking, intensified with the
support of native annotation, is that such a thing does not fit into
the core language(s). It will never be "trustable" 100%, which defeats
its main purpose or existence.

The large majority of apps or frameworks out there provide their own
interface to deal with external data input. Advanced ones like Symfony
can provide you an Entity where a parameter is the ID of that entity,
handling all safety checks. Others will provide a Request
implementation with getters as specific types, etc. This allows it to
be tightly linked to the actual usage or logic. It is impossible to
even agree on such an interface in the core.

As well intended as it looks, I think input data filtering is better
implemented in userland. And we may keep ourselves from reintroducing
trusted or safe mode, no matter where. I hope I don't sound too
negative, I am really convinced this is a bad idea and introducing it
again in 8.x will haunt the core for a decade to come. :)

Best,

On Tue, Jun 22, 2021 at 3:25 AM Craig Francis <cr...@craigfrancis.co.uk> wrote:
>
> On Sat, 12 Jun 2021 at 18:00, Craig Francis <cr...@craigfrancis.co.uk>
> wrote:
>
> > I'd like to start the discussion on the is_literal() RFC:
> > https://wiki.php.net/rfc/is_literal
> >
>
>
> To recap,
>
> - We have chosen the name is_trusted(), based on 18 votes for, vs 3 against.
>
> - Integers are now included, which will help adoption:
>
> https://wiki.php.net/rfc/is_literal
>
> (Joe’s currently updating the implementation to have the new name, but all
> the functionality is there).
>
> I’m glad this RFC has been well received; and thank you for all the
> feedback, I really think it’s benefitting the implementation.
>
> Craig



-- 
Pierre

@pierrejoye | http://www.libgd.org
