On Aug 21 2024, at 8:03 am, Rob Landers <rob@bottled.codes> wrote:
>
> If this is an attack vector for your application, then fully qualified names 
> are the way to go (WordPress does this nearly everywhere, for example).
This is an attack vector for every application and I would argue should be a 
real concern for the vast majority of applications out there -- any which rely 
on namespace-based frameworks and composer packages from untrustworthy sources. 
It's not just WordPress -- literally every single PHP application that uses a 
publicly available framework and consumes external composer packages should be 
FQing their internal function calls. The natural behavior of the language 
shouldn't be the insecure way of doing things for the sake of maintaining BC 
compatibility with existing, insecure code.
Cheers,
John
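The shadowing John is describing, as an added example that is not part of the thread (the `App` namespace and the function names are constructed for illustration): an unqualified call inside a namespace is resolved at runtime by first looking for a function of that name in the current namespace and only then falling back to the global one, so any code that can declare a function in that namespace takes over the call. A leading backslash pins the call to the global function and removes the lookup entirely.

```php
<?php
// Added example, not code from the mailing-list thread.
// Demonstrates PHP's namespace fallback for unqualified function calls.
namespace App;

// Constructed stand-in for a function some third-party package declares in the
// same namespace as the application. Its name collides with the internal strlen().
function strlen(string $s): int
{
    // Shadowing definition: the caller gets this result instead of the real length.
    return -1;
}

function lengthUnqualified(string $s): int
{
    // Unqualified call: resolved at runtime as App\strlen first, then \strlen.
    // Because App\strlen exists, the global function is never reached.
    return strlen($s);
}

function lengthQualified(string $s): int
{
    // Fully qualified call: bound to the global \strlen, no namespace lookup.
    return \strlen($s);
}

// Report whether the unqualified call was hijacked for a given input.
function shadowed(string $s): bool
{
    return lengthUnqualified($s) !== lengthQualified($s);
}

$input = 'abc';
printf(
    "unqualified=%d qualified=%d shadowed=%s\n",
    lengthUnqualified($input),
    lengthQualified($input),
    shadowed($input) ? 'yes' : 'no'
);
```

Run it once as written and once with the `App\strlen` declaration removed: only the unqualified call changes behaviour, which is exactly why the thread argues that framework and application code should qualify its internal calls rather than depend on the fallback.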