> no, as there are no special risks
There certainly is. No other function (as far as I’m aware) mutates your local
symbol table. This means you need to know exactly what symbols are defined and
what kind of data you’ll receive when calling `extract`. So basically this is
only safe right at the beginning of your function, and even then it can
override your other parameters. Even with trusted data this can hardly be
considered safe.
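```
function foo(array $data, $bar) {
    // extract() imports the array keys into the local scope and, by default,
    // overwrites existing variables, including the $bar parameter.
    extract($data);
    print($bar);
}
foo(['bar' => 'baz'], 'bar'); // prints "baz"
```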
Regards
On 15 Sep 2017, 23:05 +0200, Stanislav Malyshev <[email protected]>, wrote:
> Hi!
>
> > Dangerous meaning that if given untrusted input someone could mess with
> > the behaviour of your code. There are risks and benefits to every
>
> Same as many other functions. Given untrusted input, unlink() could
> delete files on your hard drive, and file_put_contents() could overwrite
> your data or send it to an unauthorized party. That's not the reason to
> remove these functions.
>
> > solution. Certainly you’d agree that in some cases the risks outweigh
> > the benefits.
>
> In some cases, yes. In this case, no, as there are no special risks not
> existing in many other functions. Any function that has side effects
> could do something unexpected when you give it unexpected input. Since
> we're not converting PHP to be a purely functional language just yet, the
> solution is to use functions correctly, not remove them.
> --
> Stas Malyshev
> [email protected]
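
The parameter override discussed in this thread, set beside three ways of avoiding it, as an added example that is not part of the original messages. The function names, `$isAdmin` and `$payload` are hypothetical; `EXTR_SKIP` and `EXTR_PREFIX_ALL` are standard `extract()` flags.

```php
<?php
// Added example, not code from the thread. All names are hypothetical.

// Default mode (EXTR_OVERWRITE): a key in $data replaces an existing local,
// so the caller-supplied array decides the value of the $isAdmin parameter.
function render_overwrite(array $data, bool $isAdmin = false): bool {
    extract($data);
    return $isAdmin;
}

// EXTR_SKIP: keys that collide with an already defined local are ignored.
function render_skip(array $data, bool $isAdmin = false): bool {
    extract($data, EXTR_SKIP);
    return $isAdmin;
}

// EXTR_PREFIX_ALL: every imported name is prefixed ("in_"), so no imported
// key can shadow a parameter. extract() returns the number of imported keys.
function render_prefixed(array $data, bool $isAdmin = false): array {
    $imported = extract($data, EXTR_PREFIX_ALL, 'in');
    return [
        'isAdmin'    => $isAdmin,
        'in_isAdmin' => $in_isAdmin ?? null,
        'imported'   => $imported,
    ];
}

// No extract() at all: read only the keys the function expects.
function render_allowlist(array $data, bool $isAdmin = false): array {
    $allowed = array_intersect_key($data, array_flip(['title']));
    return [
        'isAdmin' => $isAdmin,
        'title'   => (string) ($allowed['title'] ?? ''),
    ];
}

// Constructed sample input standing in for request data.
$payload = ['title' => 'Hello', 'isAdmin' => true];

var_dump(render_overwrite($payload));  // parameter replaced by the array value
var_dump(render_skip($payload));       // parameter keeps its default
var_dump(render_prefixed($payload));   // array value lands in $in_isAdmin only
var_dump(render_allowlist($payload));  // unexpected key never becomes a variable
```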