Hi! > Any reflector-based system, such as a serializer, an ORM or just a > dependency injection or configuration loader would be able to do operations > in a much more precise and less complex way.
This should be solved by annotations. Yes, I know all the story, but it does not change the fact that ORM serialization is not the same as internal PHP typing, and arguing we need to change PHP typing system because it makes it easier for (a particular) ORM serializer is putting the cart in front of the horse. > Having a configuration system that expects to call setters with specific > parameter types can allow the configuration system to validate the given > data upfront, providing meaningful exceptions to the user, without having > to write an entire separate config specification. We already have system that provides meaningful exceptions to the user. It's called PHP engine. The system you describe changes nothing but wording of error messages. This is not really worth changing the typing system in PHP. > Having a serializer that expects certain types of data allows rejecting any > kind of value that is possibly insecure, and would cause a RCE > vulnerability by unserializing a value into something with a malicious > `__wakeup` in it. All examples of unserialize problems so far were in the engine and those examples have all the types already known, the problem was/is unserializer has no way to use this information. This problem is not solved by adding more syntax. > In general, improving the type system provides a much more interesting and > practical playground for any kind of tool that would rely on static That's my point - "more interesting playground" does not sound like a reason enough to mess with the type system of the language used by millions. This sounds like a good description of a thesis project or a academic proof-of-concept language, not something mature widely-used language prizing simplicity should be aiming for. I completely agree that *if* we added a ton of shiny things into PHP then there would be a lot of interesting stuff to play with. I am saying that is not the reason enough to actually add them. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
