On Sat, Sep 30, 2023, at 10:18 AM, Niels Dossche wrote:
> Hi internals
>
> I'm looking to address https://bugs.php.net/bug.php?id=71571.
> TL;DR: XSL has a maximum recursion depth, and it may even depend on the
> distro/OS config.
> For complex inputs you may reach this limit, but PHP offers no way to
> change that limit.
>
> As we already have methods in XSLTProcessor to configure certain things
> (e.g. setProfiling, setSecurityPrefs), it may be an idea to add
> `setMaxDepth(int $depth)` or something alike.
>
> Unfortunately, XSLTProcessor is non-final, so if a user class extends
> this class and coincidentally already has a method with the same name
> but incompatible signature, then they would get a compile error.
>
> What do you think?
>
> Kind regards
> Niels
In context, I cannot imagine why someone would have a setMaxDepth() method with
that name, since, AIUI, they wouldn't be able to actually set the max depth.
So I think the chances of there being a conflict are extremely remote, and an
acceptable risk.
This could be verified by doing a "top packages" scan using Nikita's script,
which is probably a good step anyway.
--Larry Garfield
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
