On 09.06.2018 at 12:03, Dmitry Stogov wrote:

> compact(), extract(), parse_str() (with 1 argument) and get_defined_vars()
> are bad functions, because they access local variables indirectly.

While I agree that extract() and parse_str() can be dangerous, I don't understand why compact() and get_defined_vars() are “bad”. If the issue is that these functions allow accessing (local) variables by their name (given as string), that appears to be not uncommon in PHP; cf. variable variables and $GLOBALS.

> They might be considered to be removed in the next major PHP version, despite
> this fix.

That would certainly require the RFC process, and in my opinion, a deprecation phase would be very appropriate. Note that parse_str() without second argument is already deprecated as of PHP 7.2.0 and scheduled for removal in the next major version[1].

[1] <https://wiki.php.net/rfc/deprecations_php_7_2?s[]=parse&s[]=str#parse_str_without_second_argument>

--
Christoph M. Becker
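The indirect writes that make extract() and one-argument parse_str() risky, next to array-based alternatives, as an added example that is not part of the original message. The function names and the query string are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed query string standing in for untrusted request input.
$query = 'name=alice&isAdmin=1';

// Two-argument parse_str(): values land in $params, no local variable is created.
parse_str($query, $params);

// extract() with the default EXTR_OVERWRITE writes locals by name,
// so an input key can replace trusted state such as $isAdmin.
function roleWithExtract(array $params): string
{
    $isAdmin = false;
    extract($params);
    return $isAdmin ? 'admin' : 'user';
}

// EXTR_PREFIX_ALL keeps imported names apart from existing locals
// ($in_name, $in_isAdmin), so $isAdmin stays as the code set it.
function roleWithPrefix(array $params): string
{
    $isAdmin = false;
    extract($params, EXTR_PREFIX_ALL, 'in');
    return $isAdmin ? 'admin' : 'user';
}

// Reading only the expected key from the array avoids indirect writes entirely.
function nameFromArray(array $params): string
{
    return isset($params['name']) && is_string($params['name']) ? $params['name'] : '';
}

// compact() goes the other way: it reads the named locals into a new array.
function snapshot(): array
{
    $isAdmin = false;
    $name = 'alice';
    return compact('isAdmin', 'name');
}

var_dump(roleWithExtract($params), roleWithPrefix($params), nameFromArray($params), snapshot());
```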