> Larry Garfield hat am 20.06.2024 19:38 CEST
> geschrieben:
>
>
> Hello, peoples.
>
> Ilija and I have been working on and off on an RFC for pattern matching since
> the early work on Enumerations. A number of people have noticed and said
> they're looking forward to it.
>
> It's definitely
> Sara Golemon hat am 14.02.2024 19:47 CET geschrieben:
>
>
> Good afternoon folks, I'd like to open discussion on adding OOP APIs to the
> cURL extension.
> https://wiki.php.net/rfc/curl-oop
>
> This has been a long standing bug-bear of mine, and I think its time has come.
>
> try {
> (new \Curl
Hi Alan,
regarding "String to Number Comparison", you can cast the value to int to get
the old behaviour:
php -r "var_dump(0 == (int) '0');"
php -r "var_dump(0 == (int) '0.0');"
php -r "var_dump(0 == (int) 'foo');"
php -r "var_dump(0 == (int) '');"
php -r "var_dump(42 == (int) ' 42');"
php -r "v
I fully understand your point, having more tests is the best thing to do.
Unfortunately many old code bases are not written to be tested easily. There is
excessive inheritence, traits, reflection, globals, static calls, missing DI,
magic functions, feature flags, database dependancies (e.g. 1 re
Regards
Thomas
> Tim Düsterhus hat am 10.04.2023 16:48 CEST geschrieben:
>
>
> Hi
>
> On 4/10/23 16:37, Thomas Bley wrote:
> > Regarding compatibility promise, I'd also like to mention that things are
> > quite complex now, e.g.
> >
> > h
Regarding compatibility promise, I'd also like to mention that things are quite
complex now, e.g.
https://3v4l.org/VfAr4
has 4 different outputs between php 7.x and 8.x. From userland perspective,
having Craig Francis hat am 10.04.2023 14:58 CEST
> geschrieben:
>
>
> On 9 Apr 2023, at 23:
Hello,
since there are currently no type declarations for specific arrays (int[],
string[], MyClass[], etc.), I'd like to ask if it would make sense to have a
function array_get_type() in php core?
As I'm not a C developer, I can only ask for your help for the implementation.
I think having it
Hello,
I'd also like to propose to use null:
[null, null, $username] = getUserData();
foreach ($source as $key => null) {}
Regards
Thomas
> David Rodrigues hat am 02.09.2020 16:24 geschrieben:
>
>
> I think "void" is a good solution and is very clear, compared to "_".
>
> [void, void, $us
> Marco Pivetta hat am 5. Mai 2020 um 16:11 geschrieben:
>
> Hey Nikita,
> On Tue, May 5, 2020 at 3:51 PM Nikita Popov wrote:
> > Hi internals,> I've recently started a thread on resurrecting the named
> > arguments proposal(https://externals.io/message/109549), as this has come
> > up tangent
haviour punishes
> future users of PHP for our past mistakes.
> > On Aug 28, 2019, at 12:05 PM, Thomas Bley wrote:
> >
> > Normally every code base has old and new code, some is actively maintained,
> > some is probably third-party maintained, some is unmainta
Normally every code base has old and new code, some is actively maintained,
some is probably third-party maintained, some is unmaintained. Business
normally not calculates costs for upgrading, securing, GDPRing old code, so
bigger changes always leave some people behind.
I would prefer to write
Hello,
I understand that breaking changes always need extra work, but in this case I
think it's a quick change. On my code base (mostly legacy with 1.8m lines), I
ran this and got 10 matches to check:
grep -rin " vsura...@gmail.com hat am 24. April 2019 um 15:41 geschrieben:
>
>
> FWIW,
>
>
Nikita Popov wrote on 24.01.2019 15:40:
> On Thu, Jan 24, 2019 at 3:08 PM Larry Garfield
> wrote:
>
>> On Thu, Jan 24, 2019, at 8:02 AM, Nicolas Grekas wrote:
>> > Thank you Nikita,
>> >
>> > the RFC looks solid to me. Using magic methods makes perfect sense to
>> allow
>> > a smooth migration p
Semen Dubina wrote on 07.01.2019 16:38:
> Hi, everyone!
> Original PR and description see: https://github.com/php/php-src/pull/3460.
>
> Because of the accuracy constraint set by the 'precision' variable, debugging
> problems often occur, and many developers consider the limited accuracy to be
>
Nikita Popov wrote on 14.06.2018 10:35:
> On Thu, Jun 14, 2018 at 6:53 AM, Sara Golemon wrote:
>
>> Just for casual discussion at this point:
>> https://github.com/php/php-src/pull/3297
>>
>> switch ($a) {
>> case FOO:
>> // Works exactly as current behavior.
>> break;
>> case ==
why not have a new session module? those who want no change for existing
applications keep the old one, new projects can use the new one, those who want
more security port their code to the new one. e.g. use session2_start(), etc.
Regards
Thomas
Yasuo Ohgaki wrote on 25. Sept 2016 22:35:
> Hi
> it's just that no one except you thinks this is a good solution
it's just that no one - who is allowed to vote and wants to vote - thinks this
is a good solution.
Regards
Thomas
Rasmus Schultz wrote on 07.08.2016 13:06:
> Looks like it's unanimously a No.
>
> Michael, don't be discouraged
Hi!
having a complete trace from an exception would be great:
function shutdown() {
$e = new Exception();
echo $e->getTraceAsString();
}
function test() {
exit;
}
register_shutdown_function('shutdown');
test();
gives:
#0 [internal function]: shutdown()
#1 {main}
Regards
Thomas
Bishop B
> This can be done with e.g. "".
sometimes you also need to sanitize html, e.g.
see http://htmlpurifier.org/
Regards
Thomas
Michael Vostrikov wrote on 30.07.2016 16:01:
>> This new tag will not simply replace because you still need
> to output HTML sometimes.
>
> This can be done with e.g.
wrote on 28.07.2016 10:29:
> On 27 July 2016 23:45:10 GMT+01:00, Thomas Bley wrote:
>>> In many ways, defining a built-in function e($string, $context) would
>>
>>> fulfil most of the above.
>>
>>If things are so easy, why does so much code exist with XSS prob
> In many ways, defining a built-in function e($string, $context) would
> fulfil most of the above.
If things are so easy, why does so much code exist with XSS problems?
Regards
Thomas
Rowan Collins wrote on 27.07.2016 22:57:
> On 26/07/2016 14:15, Michael Vostrikov wrote:
>> Ok. Just ask you,
fix code
that is using the frameworks in a wrong way.
Regards
Thomas
Rowan Collins wrote on 24.07.2016 20:29:
> On 24/07/2016 19:09, Thomas Bley wrote:
>>> Then why is absolutely everything in the current RFC optional and
>>> configurable to the Nth degree?
>> It&#x
eption_handler(),
spl_autoload_register(), error_reporting(), etc., this concept is proven to
work.
> In my opinion, they are central to the feature, not an optional extra.
maybe you can join the rfc and provide the implementation?
Regards
Thomas
Rowan Collins wrote on 24.07.2016 19:41:
> On
Regards
Thomas
Christoph Becker wrote on 24.07.2016 18:52:
> On 24.07.2016 at 18:21, Thomas Bley wrote:
>
>>>
>>>
>>> instead of
>>>
>>>
>>
>> benefits are using static code analyzers, grep "
> Well, something like
ring to use the right syntax, which
> you have to do either way.
the thing here is that people can use https://github.com/phpmyadmin/phpmyadmin.git
git log | grep -i xss | wc -l
206
Regards
Thomas
Rowan Collins wrote on 24.07.2016 18:39:
> On 24/07/2016 17:21, Thomas Bley wrote:
>&
1742f2
Regards
Thomas
Thomas Bley wrote on 24.07.2016 18:21:
>>
>>
>> instead of
>>
>>
>
> benefits are using static code analyzers, grep " Having function names with single characters is bad taste and only useful for
> obfuscating.
> Using m
>
>
> instead of
>
>
benefits are using static code analyzers, grep " On 24.07.2016 at 16:55, Thomas Bley wrote:
>
>> In total a good rfc everybody should be happy with.
>
> I'm not happy (to put it mildly) with the RFC as it's now. The RFC
>
php already uses ?: for ternary operator, so users get a bit confused by using
it for escaping.
>
this allows multiple interpretations:
meaning $a context $b
meaning $a | $b context 'html'
> $b ?>
|> may be used by Pipe Operator rfc, if vote is successful
> if ($context == 'html') {
to me this code is perfectly readable and static code analysis is only
complaining about missing semicolons at the end of the lines and short variable
names:
$x = loadConfig();
$x = buildDic($x);
$x = getApp($x)
$x = getRouter($x)
$x = getDispatcher($x, $request)
$x = dispatchBusinessLogic($x, $
> Hacking non FQN resolutions to inject another
> escaper implementation as in "" was a
> creative idea but it seems inconsistent with the preferable "PHP way" to
> handle these edge cases.
Just imagine use cases like:
That way people can use the escaping operator in all kinds of templates w
if I see it correctly, this is just a framework for defining callbacks to a
escaping operator, without a implementation of "html" and "js"?
Not sure if this helps.
Regards
Thomas
Michael Vostrikov wrote on 16.07.2016 17:33:
> Hello.
> I have created RFC about context-dependent escaping operator
features, we should
> improve the features we already have instead, which benefits the
> language as a whole, not just templates. Improving on functions is
> long over due...
>
>
> On Thu, Jun 30, 2016 at 9:52 PM, Thomas Bley wrote:
>> I would prefer to have ENT_HTML5
I would prefer to have ENT_HTML5 as the default flag included, since normally
all new html code is html5.
Maybe split voting between I've tried to gather all arguments for and against.
>
> To be clear. I suggest new operator like '' which is
> equivalent of .
> It is only for HTML context. Flag
Of course you can make the discussion endless by mentioning escaping of all
kinds of third party frameworks like jQuery, but that's a bit off-topic here.
As mentioned a few times in this thread, ... when I
click reply :)
Rowan Collins wrote on 21.06.2016 00:00:
> On 20 June 2016 17:40:05 GMT+0
to make it more clear:
is a shortcut for:
Using 2016-06-20 11:12 GMT+02:00 Lester Caine :
>
>> On 20/06/16 07:00, Niklas Keller wrote:
>> >> Now ... I want to add content that includes
>> >> > it needs to be in the format
>> >> >