Re: [PHP-DEV] SensitiveParameterValue serialization behavior

2022-02-28 Thread kontakt
> On 26.02.2022 at 12:49, Dan Ackroyd wrote: > > On Thu, 24 Feb 2022 at 14:11, Tim Düsterhus, WoltLab GmbH > wrote: >> >> I see two possible options to remediate this issue: >> >> --- >> >> 1. Disallow both serialization and unserialization. >> >> This will make the serialization

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Craig Francis
On Mon, 28 Feb 2022 at 22:11, Christian Schneider wrote: > On 28.02.2022 at 22:05, Christoph M. Becker wrote: > > The BC break doesn't appear to be that serious after all. > > I'm not sure I get your point here: If you provide a user-land > implementation of the previous behavior under a

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Craig Francis
On Mon, 28 Feb 2022 at 17:35, Guilliam Xavier wrote: > Call me devil's advocate, but is it too late to discuss revisiting past > decisions and consider changing direction towards 1 for userland functions > Hi Guilliam, tbh, for those who use `strict_types=1` nothing changes, so we can ignore

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Christian Schneider
On 28.02.2022 at 22:05, Christoph M. Becker wrote: > On 28.02.2022 at 21:51, Craig Francis wrote: > >> And after all of this, no-one has come up with a way to find or address >> this problem, e.g. >> >> <?php >> $nullable = ($_GET['a'] ?? NULL); >> echo htmlentities($nullable); >> ?> > > function

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Christoph M. Becker
On 28.02.2022 at 21:51, Craig Francis wrote: > And after all of this, no-one has come up with a way to find or address > this problem, e.g. > > <?php > $nullable = ($_GET['a'] ?? NULL); > echo htmlentities($nullable); > ?> The BC break doesn't appear to be that serious after all. -- Christoph M.

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Craig Francis
On Mon, 28 Feb 2022 at 17:42, Larry Garfield wrote: > Bringing internal functions into line with user-space was the correct > move. There may be internals functions that make sense to be nullable on > their own right, on a case by case basis. We can evaluate that case by > case. > Thanks

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Craig Francis
On Mon, 28 Feb 2022 at 16:41, Dik Takken wrote: > In my view, consistency between internal and userland functions brings a > lot of value, and not only for the language itself. Thanks Dik, I agree that consistency is very important, and I do not want to stop that... I just recognise that

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Larry Garfield
On Mon, Feb 28, 2022, at 11:35 AM, Guilliam Xavier wrote: > On Mon, Feb 28, 2022 at 5:41 PM Dik Takken wrote: > >> >> In my view, consistency between internal and userland functions brings a >> lot of value, and not only for the language itself. As soon as internal >> and userland become fully

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Larry Garfield
On Mon, Feb 28, 2022, at 5:28 AM, Mark Randall wrote: > On 28/02/2022 01:46, Craig Francis wrote: >> Personally I think `strict_types=1` is fine for my code, but I would never >> want to force that style on everyone, because doing so would be fairly >> hostile for a language that's popular and

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Guilliam Xavier
On Mon, Feb 28, 2022 at 5:41 PM Dik Takken wrote: > > In my view, consistency between internal and userland functions brings a > lot of value, and not only for the language itself. As soon as internal > and userland become fully consistent it will become a lot easier to > write "internal"

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Dik Takken
On 21-02-2022 10:04, Christoph M. Becker wrote: That "inconsistency" had been introduced with PHP 7.0.0, i.e. right when scalar type declarations have been introduced. Passing a null to a non-nullable parameter of a *userland* function throws a TypeError: . As of PHP

Re: [PHP-DEV] SensitiveParameterValue serialization behavior

2022-02-28 Thread Tim Düsterhus, WoltLab GmbH
Hi Internals! On 2/24/22 15:11, Tim Düsterhus, WoltLab GmbH wrote: Please find the thread in the GitHub PR at: https://github.com/php/php-src/pull/7921#discussion_r813743903 […] 1. Disallow both serialization and unserialization. This will make the serialization issue very obvious, but will

Re: [PHP-DEV] SensitiveParameterValue serialization behavior

2022-02-28 Thread Guilliam Xavier
Hi again, FWIW, Dan's and Claude's explanations (thanks!) and arguments made me change my preference to option 1 (i.e. make SensitiveParameterValue not serializable, period). Best regards, -- Guilliam Xavier

Re: [PHP-DEV] Allowing NULL for some internal functions

2022-02-28 Thread Mark Randall
On 28/02/2022 01:46, Craig Francis wrote: Personally I think `strict_types=1` is fine for my code, but I would never want to force that style on everyone, because doing so would be fairly hostile for a language that's popular and well known for being easy to use/learn. Magically coercing