On Wed, Apr 29, 2015 at 10:42 PM, Stanislav Malyshev <smalys...@gmail.com>
wrote:

> Hi!
>
> > "int" Cast is bad. Incorrect "int" type hint worse as it could trigger
> DoS.
>
> I do not see any potential for DoS here. Trying to assign security
> implications so it looks like disagreeing with you jeopardizes security
> is not a good idea. If your code accepts non-numeric data and puts it to
> functions that expect integers without validation, it is bad code and
> "numeric" hint would not help here, as unvalidated data can contain
> anything. If unexpected input causes denial of service in your code, it
> is a code architecture problem, which should not be solved by adding
> stuff to PHP.
>
> > It's not all, but the main issue here is 32 bit CPU & PHP int is too
> > small for
> > database record IDs.
>
> Correct way to go there is treating these IDs as strings or objects and
> having code that handles them properly. If they do not fit PHP int, they
> should not be used with functions that expect int.
>
> > To maximize compatibility, arbitrarily size of int/float like
> > string/value should be
> > accepted as numeric(or int/float).
>
> No, it should not be, since they are neither int nor float.
>

I have to strongly agree with Stanislav here. If you are getting strings
from the DB because they don't fit in int, leave them as strings. If
someone breaks the code by adding the wrong type hints, then they have
broken the code.

Stop trying to fix clever idiots from shooting themselves in the foot. The
standard result from these actions is to make life a pain for regular or
better programmers while only adding mild speed bumps to those clever
idiots.

Things like a numeric type will only encourage the clever idiots to write
half broken code.

We just had to fix ZIP codes because they look like integers, so they get
processed and stored as integers. But this can break things when dealing
with New Jersey, which has ZIP codes like 07101. If you drop the lead zero,
then you have a different string/number and it can (and does) cause issues.
Walter

>
> --
> Stas Malyshev
> smalys...@gmail.com
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
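As an added illustration of the point made above (example code, not from the thread or from PHP's own sources): record IDs and ZIP codes are validated and compared as strings, and the int cast is shown only to make the lossy conversion visible. The function names and the sample ID value are constructed for this example.

```php
<?php
declare(strict_types=1);

// A DB record ID kept as a string: a canonical decimal, no sign, no leading
// zero (except "0"), and no length limit, so it is safe on 32-bit PHP ints.
function isRecordId(string $s): bool
{
    return preg_match('/^(0|[1-9][0-9]*)$/', $s) === 1;
}

// A US ZIP code: exactly five digits, where the leading zero is significant
// ("07101" and "7101" are not the same value).
function isZipCode(string $s): bool
{
    return preg_match('/^[0-9]{5}$/', $s) === 1;
}

// Compare two IDs byte for byte. "==" on numeric-looking strings would
// coerce them to numbers first; "===" never does.
function sameRecordId(string $a, string $b): bool
{
    return isRecordId($a) && isRecordId($b) && $a === $b;
}

function demo(): void
{
    $zip = '07101';                           // Newark, NJ
    var_dump(isZipCode($zip));                // valid as a string
    $cast = (string) (int) $zip;              // the int cast drops the leading zero
    var_dump($cast, isZipCode($cast));        // "7101" is no longer a valid ZIP

    // Constructed ID wider than PHP_INT_MAX on any platform.
    $id = '18446744073709551617';
    var_dump(isRecordId($id));                // fine as a string
    var_dump(sameRecordId($id, '18446744073709551617'));
    var_dump((int) $id);                      // cannot represent the value: lossy
}

demo();
```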
