I would really like to hear your thoughts on this.
On Thu, Jun 24, 2021, 10:14 PM Eugene Sidelnyk wrote:
> Hello, everybody!
>
> After using nullsafe operator for a while, I have some further thoughts.
> In most cases when we make type nullable, we would use nullsafe operator
> if we don't know
On Thu, 24 Jun 2021 at 21:25, Dan Ackroyd wrote:
> > Please can you go into some detail about what you think people are
> > meant to do when they detect a non-literal used where a literal is
> > expected?
>
> There is a whole load of hand waving going on of "you can protect
> yourself!" but then
On Thu, 24 Jun 2021 at 19:12, Joe Watkins wrote:
>
> we're not
> talking about a function that protects you from all possible security
> concerns or bugs.
I know. We're talking about something that is meant to protect
programmers against silly mistakes.
And this RFC doesn't do that.
It allows s
> On Jun 24, 2021, at 8:04 AM, G. P. B. wrote:
>
> Moreover, the fact that only a very restricted number of programming
> languages, which are some of the earliest languages ever, implement those
> functions should tell you something about programming language design
> as a whole, which is that m
why stop with clamp? add wrap too. imagine being against clamp but ok with
floor and ceiling. let's make our math lib even better.
Hello, everybody!
After using nullsafe operator for a while, I have some further thoughts.
In most cases when we make type nullable, we would use nullsafe operator if
we don't know how to deal with it. This causes clogging main code with this
? signs. Possible solution is to make nullsafe type in
Nobody has demonstrated that "string" . int can lead to anything but
mistakes.
It CANNOT lead to injection, and that's what we're talking about, we're not
talking about a function that protects you from all possible security
concerns or bugs.
The actual definition of injection matters, when we ar
On Thu, Jun 24, 2021 at 11:12 AM Claude Pache wrote:
>
>
>
> > On 24 June 2021 at 18:02, Larry Garfield wrote:
> >
> > On Wed, Jun 16, 2021, at 11:16 AM, Larry Garfield wrote:
> >> Hi folks. The vote for the Partial Function Application RFC is now
> >> open, and will run until 30 June.
> >>
>
> On 24 June 2021 at 18:02, Larry Garfield wrote:
>
> On Wed, Jun 16, 2021, at 11:16 AM, Larry Garfield wrote:
>> Hi folks. The vote for the Partial Function Application RFC is now
>> open, and will run until 30 June.
>>
>> https://wiki.php.net/rfc/partial_function_application
>>
>> Of p
> On Jun 24, 2021, at 6:33 AM, Stephen Reay wrote:
>
>> On 24 Jun 2021, at 17:07, Kamil Tekiela wrote:
>>
>> Hi Stephen,
>>
>> I believe the idea was to dynamically generate table names, or numbered
>> tables/columns. E.g.
>>
>> function getTable(string $table){
>>     // is_literal check
On Thu, Jun 24, 2021, at 11:18 AM, Scott Arciszewski wrote:
> On Thu, Jun 24, 2021 at 5:22 AM Stephen Reay wrote:
> 1. I never claimed that it wasn't a bug.
> 2. I never claimed it wasn't impactful.
> 3. I never claimed it wasn't security-affecting.
>
> I've simply said that this isn't an exampl
On Thu, Jun 24, 2021 at 5:22 AM Stephen Reay wrote:
> > If you **inject a `1=1` clause where one didn't exist before**, that's
> > injection. Notice the introduction of an OR operator in the examples
> > you cited.
>
> Please, explain to us all, how `where foo=‘bar’ OR 1=1` is functionally
> diff
> On Jun 24, 2021, at 7:59 AM, Pierre wrote:
>
> On 24/06/2021 at 11:44, Michał Marcin Brzuchalski wrote:
>> I get an impression that we constantly add things into standard library
>> which are from a language perspective irrelevant
>> and that all could be developed in userland with no harm
On Wed, Jun 16, 2021, at 11:16 AM, Larry Garfield wrote:
> Hi folks. The vote for the Partial Function Application RFC is now
> open, and will run until 30 June.
>
> https://wiki.php.net/rfc/partial_function_application
>
> Of particular note, a few people had asked about using ...? instead of
Thu, 24 Jun 2021 at 17:38, Claude Pache:
> On 18 June 2021 at 16:35, Дмитрий Елисеев wrote:
>
> Hello! When I use a static anonymous function as an HTTP-action in
> some frameworks like:
>
> $app = new App();
> $app->get('/', static function () {
>     return new Response('Hello!');
> })
>
> I g
PHP 8.1.0alpha2 has just been released and can be downloaded from:
https://downloads.php.net/~patrickallaert/
Or use the git tag: php-8.1.0alpha2
Windows binaries are available at: https://windows.php.net/qa/
Please test it carefully, and report any bugs at https://bugs.php.net
8.1.0alpha3 shou
> On 18 June 2021 at 16:35, Дмитрий Елисеев wrote:
>
> Hello! When I use a static anonymous function as an HTTP-action in
> some frameworks like:
>
> $app = new App();
> $app->get('/', static function () {
>     return new Response('Hello!');
> })
>
> I get a warning "Cannot bind an instance t
18 june 2021 at 17:35, Dmitry Eliseev :
>
> Hello! When I use a static anonymous function as an HTTP-action in some
> frameworks like:
>
> $app = new App();
> $app->get('/', static function () {
>     return new Response('Hello!');
> })
>
> I get a warning "Cannot bind an instance to a static closur
> I can also imagine bikeshed...
This is what can be discussed apart from whether these functions come
to PHP. I am waiting for the other voices; there is surely someone
that can come up with a more creative name, a name that is short yet
descriptive.
> str_left_part/str_right_part is just what ca
On Thu, 24 Jun 2021 at 07:20, Hamza Ahmad
wrote:
> Hi George,
>
> > I really don't see the point of these functions.
>
> These functions provide a clearer semantics for their usage.
Are they though? The naming doesn't convey anything as pointed out by Kamil.
> Substr,
> as Sara has mentioned
On 24/06/2021 at 11:44, Michał Marcin Brzuchalski wrote:
I get an impression that we constantly add things into standard library
which are from a language perspective irrelevant
and that all could be developed in userland with no harm.
Cheers,
--
Michał Marcin Brzuchalski
Hello,
I respectfu
On 24.06.21 13:17, Kamil Tekiela wrote:
I am against adding these functions, but for different reasons than Sara
and George.
If we add str_left and str_right then there should be a corresponding
variant in mbstring. The byte-string functions are rarely useful. Adding
these functions to mbstring u
Hi Kamil,
Thanks for the opinions. I have two questions:
1. Though it's true that naming choice is something to discuss about,
is it really a big issue that can prevent from these functions to be
introduced? We can ask both developers and user community about the
name choice.
2. Since my basic goa
On Thu, Jun 24, 2021 at 1:17 PM Kamil Tekiela wrote:
> I am against adding these functions, but for different reasons than Sara
> and George.
> If we add str_left and str_right then there should be a corresponding
> variant in mbstring. The byte-string functions are rarely useful. Adding
> these
I am against adding these functions, but for different reasons than Sara
and George.
If we add str_left and str_right then there should be a corresponding
variant in mbstring. The byte-string functions are rarely useful. Adding
these functions to mbstring unnecessarily complicates the extension for
On 24/06/2021 11:35, Stephen Reay wrote:
On 24 Jun 2021, at 17:16, Craig Francis wrote:
On Thu, 24 Jun 2021 at 10:55, Stephen Reay wrote:
but still I have to keep asking: Why integers at all?
While I'm not a fan of this approach, there is a lot of existing code and
tutorials that use:
$s
> On 24 Jun 2021, at 17:16, Craig Francis wrote:
>
> On Thu, 24 Jun 2021 at 10:55, Stephen Reay wrote:
>
>> but still I have to keep asking: Why integers at all?
>>
>
>
> While I'm not a fan of this approach, there is a lot of existing code and
> tutorials that use:
>
> $sql = 'WHERE id
> On 24 Jun 2021, at 17:07, Kamil Tekiela wrote:
>
> Hi Stephen,
>
> I believe the idea was to dynamically generate table names, or numbered
> tables/columns. E.g.
>
> function getTable(string $table){
> // is_literal check here
> }
>
> $number = (int) $_GET['tableno'];
> if($number
On Thu, 24 Jun 2021 at 10:55, Stephen Reay wrote:
> but still I have to keep asking: Why integers at all?
>
While I'm not a fan of this approach, there is a lot of existing code and
tutorials that use:
$sql = 'WHERE id IN (' . implode(',', array_map('intval', $ids)) . ')';
$sql = sprintf('SEL
Hi Stephen,
I believe the idea was to dynamically generate table names, or numbered
tables/columns. E.g.
function getTable(string $table){
// is_literal check here
}
$number = (int) $_GET['tableno'];
if($number < 0 || $number > 10) {
throw new Exception("Invalid number");
}
$tablename
> On 24 Jun 2021, at 14:29, Scott Arciszewski wrote:
>
> On Thu, Jun 24, 2021 at 2:10 AM Stephen Reay wrote:
>>
>>
>>
>> On 24 Jun 2021, at 08:30, Scott Arciszewski wrote:
>>
>> On Wed, Jun 23, 2021, 9:23 PM Bruce Weirdan wrote:
>>
>> On Thu, Jun 24, 2021 at 3:41 AM Scott Arciszewski
>
Thu, 24 Jun 2021 at 02:15, tyson andre
wrote:
> Hello Kim Hallberg,
>
> > The RFC for the clamp function is now open and under discussion, you now
> have 2 weeks
> > to discuss, suggest improvements and open issues before voting is
> considered.
>
>
> From https://wiki.php.net/rfc/clamp -
>
>
> On 24 Jun 2021, at 14:14, Scott Arciszewski wrote:
>
> On Thu, Jun 24, 2021 at 2:10 AM Stephen Reay wrote:
>> Hi Scott,
>>
>> I wrote that example where an integer could be dangerous.
>
> I don't disagree that it's an example where an integer could be dangerous.
>
> Danger is too broad t
On Thu, Jun 24, 2021 at 4:34 AM Guilliam Xavier
wrote:
>
>
> On Thu, Jun 24, 2021 at 9:14 AM Scott Arciszewski wrote:
>>
>> On Thu, Jun 24, 2021 at 2:10 AM Stephen Reay
>> wrote:
>>
>> > I would absolutely make use of a function that tells me if the string
>> > given is in fact from something
On Thu, Jun 24, 2021 at 9:14 AM Scott Arciszewski
wrote:
> On Thu, Jun 24, 2021 at 2:10 AM Stephen Reay
> wrote:
>
> > I would absolutely make use of a function that tells me if the string
> given is in fact from something controlled by the developer. But once that
> same string can also include
On Thu, Jun 24, 2021 at 12:51 AM Sara Golemon wrote:
>
> [...] I'm
> not going to vote for it though, because it belongs in composer/packagist
> land, not in core. I've listed the reasons for this in the str_contains()
> threads, feel free to reference those, they're still valid and correct.
>
On Wed, Jun 23, 2021 at 11:54 PM Rowan Tommins
wrote:
> On 23/06/2021 22:28, Christoph M. Becker wrote:
> > substr() is about bytes, not characters. They all may have upvoted the
> > wrong answer. The only correct answer has just 17 upvotes.
>
>
> Just to out-pedant you, I'll point out that wha
On Thu, Jun 24, 2021 at 2:10 AM Stephen Reay wrote:
>
>
>
> On 24 Jun 2021, at 08:30, Scott Arciszewski wrote:
>
> On Wed, Jun 23, 2021, 9:23 PM Bruce Weirdan wrote:
>
> On Thu, Jun 24, 2021 at 3:41 AM Scott Arciszewski
> wrote:
>
> The failure condition of this query is
> "return all rows from
On Thu, Jun 24, 2021 at 2:10 AM Stephen Reay wrote:
> Hi Scott,
>
> I wrote that example where an integer could be dangerous.
I don't disagree that it's an example where an integer could be dangerous.
Danger is too broad to have a meaningful discussion about. You can, of
course, always do danger