> On 18 March 2022 at 18:49, Paul Dragoonis <dragoo...@gmail.com> wrote:
>
> I think the original goal of this RFC is to make PHP more expressive, and
> less clunky (look at Java). This is a good goal and one much desired by the
> community, but I think the approach here isn't the right fit or way to
> achieve it.
>
> Writing code in strings is a DX nightmare and a static analysis challenge.
>
> PHP is improving onto a more verbose, typed, but expressive language, and
> this change would make that harder.
>
> I'm also thinking if this could become a LCE/RCE vulnerability in a type of
> eval() situation. Not a huge point but just an observation.
>
> Happy to re-evaluate a new approach to solve the same problem that doesn't
> involve coding inside strings.

Although I agree that code execution in strings is not a great idea, it should
be noted that this is already possible today, so that this proposal does not
add a new capability. Indeed, the proposed syntax:

    "{$:/* arbitrary expression here */}";

is equivalent to:

    $expr = fn($_) => $_;
    "{$expr(/* arbitrary expression here */)}";

—Claude
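
The distinction behind the reply above, as an added example that is not part of the original thread: an expression in a double-quoted literal is compiled with the source file, while the same characters arriving as runtime data stay inert unless they reach eval(). The variable names and sample input are constructed for illustration, and PHP 7.4 or later is assumed for the arrow function.

```php
<?php
declare(strict_types=1);

// Identity closure: the idiom from the message above, valid in current PHP.
$expr = fn($_) => $_;

// Case 1: the developer writes the expression inside a double-quoted literal.
// The literal is compiled together with the file, so the expression runs.
$items = ['a', 'b', 'c'];                       // constructed sample data
$fromSource = "count: {$expr(count($items) * 2)}";

// Case 2: the same characters arrive as runtime data (constructed input).
// Single quotes keep them a plain string; interpolating the variable copies
// its bytes and never re-parses them as PHP.
$untrusted = '{$expr(1 + 1)}';
$fromData = "input: {$expr($untrusted)}";

// Case 3: data turns into code only when it reaches a runtime compiler.
// This eval() is the sink a reviewer or static analyser should flag; it is
// exploitable with or without the syntax proposed in the RFC.
$viaEval = eval('return "input: ' . $untrusted . '";');

// Compare each result with the value its case describes.
var_dump($fromSource === 'count: 6');
var_dump($fromData === 'input: {$expr(1 + 1)}');
var_dump($viaEval === 'input: 2');
```
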
--
PHP Internals - PHP Runtime Development Mailing List