Here is a small patch to (partially, anyhow) remove prosody's
reliance on Lua's implicit string-to-number coercion 'feature'.

Why do so?  Since it was met with some disapproval in the
chatroom, let me try to justify it here:

(1) While removal of this 'feature' from core Lua is
controversial, there is a significant portion of the Lua community
as represented on the lua-l list that prefers its removal
(probably the majority), and the fact that a compile-time option
to remove it was included in Lua 5.3 may indicate where the Lua
team is thinking of heading in future versions.

(2) It really doesn't have any downside; an explicit call to
tonumber() is not much different than a implicit call.  I really
have never heard anyone articulate the slightest actual advantage
to relying on it (rather, some people do express distaste for
removing it from core Lua, but that is not the same thing).

(3) Personally I consider it to be far cleaner to explicitly
indicate when a number is provided (and when one is expected)
rather than what I consider to be a "sloppy", anything-goes style
of programming -- maybe it's just my bigoted static-typed
prejudice, but I think it inevitably makes certain bugs harder to
find (i.e. found by the user rather than the developer, which I
consider inferior quality control), with no countering advantage.

Note that this is not to be conflated with automatic
number-to-string conversion, which is a separate issue, frowned
upon by some, but much less so than the inverse.

This is perhaps not the only place where the code relies on this
behavior, but it's the only one that I've found to date, and
rather than sit on a patched local version, I'd prefer to run a
vanilla codebase.  I am unfamiliar with hg; this patch is
formatted such that the entire email can be fed to
"git am --scissors" to apply it, while ignoring the rest of the
email body; should you decide to use it, I don't know what is
the equivalent with hg or whether the format is appropriate.

Thanks for your consideration,

-- >8 --
Subject: [PATCH] Do not rely on auto string-to-number coercion

Signed-off-by: David Favro <pros...@meta-dynamic.com>
 core/certmanager.lua | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/core/certmanager.lua b/core/certmanager.lua
index a4c9d89..3035d9a 100644
--- a/core/certmanager.lua
+++ b/core/certmanager.lua
@@ -35,8 +35,7 @@ local prosody = prosody;
 local resolve_path = require"util.paths".resolve_relative_path;
 local config_path = prosody.paths.config;
-local luasec_major, luasec_minor = ssl._VERSION:match("^(%d+)%.(%d+)");
-local luasec_version = luasec_major * 100 + luasec_minor;
+local luasec_version = tonumber(ssl._VERSION:match("^(%d+%.%d+)")) * 10;
 local luasec_has = {
        -- TODO If LuaSec ever starts exposing these things itself, use that 
        cipher_server_preference = luasec_version >= 2;

You received this message because you are subscribed to the Google Groups 
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prosody-dev+unsubscr...@googlegroups.com.
To post to this group, send email to prosody-dev@googlegroups.com.
Visit this group at https://groups.google.com/group/prosody-dev.
For more options, visit https://groups.google.com/d/optout.

Reply via email to