Re: [PHP-DEV] Core functions throwing exceptions in PHP7
Would a PHP Error not work in this case? Or would the error then be interpreted as the result? On 14 Jul 2015, at 23:04, Sammy Kaye Powers m...@sammyk.me wrote: Hello lovely PHP nerds, There are two open PR's for PHP7 to modify the behavior of the CSPRNG's: https://github.com/php/php-src/pull/1397 (main discussion) https://github.com/php/php-src/pull/1398 Currently the random_*() functions will issue a warning and return false if a good source of random cannot be found. This is a potential security hole in the event the RNG fails and returns false which gets evaluated as 0 in a cryptographic context. To prevent this exploit the proposed behavior will throw an Exception when the RNG fails or certain argument validation fails. This also gives the developer a graceful way to fall back to an alternate CSPRNG. Since the core functions in PHP don't throw Exceptions, there is debate on whether or not this change should be implemented. Some say the CSPRNG's should get a special pass since they will be relied on for cryptography. If we can't throw Exceptions, there were suggestions of raising a fatal error if the RNG fails. I think the argument can be boiled down to consistency vs security. We'd love to hear your feedback to decide what we should do in this context. :) Thanks, Sammy Kaye Powers sammyk.me Chicago, IL 60604 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] JsonSerializable New Interface method Proposal
Ive just opened a new RFC https://wiki.php.net/rfc/jsonserializable regarding Json to Object unserialization.
Re: [PHP-DEV] JsonSerializable New Interface method Proposal
The Additional function you have proposed seems like the easiest and best way to do it currently without changing the language. I was thinking of giving the cast syntax special meaning if used in connection with json_decode, but this would most likely be near to impossible. On Jul 13, 2015, at 04:08 PM, Sebastian B.-Hagensen sbj.ml.r...@gmail.com wrote: Hi, I like the general idea behind that proposal. I'm not sure how you would want to implement that however (please expand the rfc on that topic). Do you want to give the cast syntax a special meaning if used in connection with json_decode or add the general ability to cast a stdClass object (as returned by json_decode) to a specific user type or do you want to change json_decode to return a new class (extending stdclass) that can be casted in the way you want? The first two could be considered fundamental changes to the language, the third may include serious bc concerns. Wouldn't an additional function (maybe in addition to your proposed interface; example: json_decode_to(string $json, string $className, int $options)) solve the issue without changing the language? Regards, 2015-07-13 15:22 GMT+02:00 Dean Eigenmann dean.eigenm...@icloud.com: Ive just opened a new RFC https://wiki.php.net/rfc/jsonserializable regarding Json to Object unserialization.
Re: [PHP-DEV] JsonSerializable New Interface method Proposal
I think the suggested decode function would be the best way to handle this. On Jul 13, 2015, at 04:20 PM, guilhermebla...@gmail.com guilhermebla...@gmail.com wrote: What about JsonDeserializable? I would like to have the choice to have a serialize-only operation. On Mon, Jul 13, 2015 at 10:13 AM, Dean Eigenmann dean.eigenm...@icloud.com wrote: The Additional function you have proposed seems like the easiest and best way to do it currently without changing the language. I was thinking of giving the cast syntax special meaning if used in connection with json_decode, but this would most likely be near to impossible. On Jul 13, 2015, at 04:08 PM, Sebastian B.-Hagensen sbj.ml.r...@gmail.com wrote: Hi, I like the general idea behind that proposal. I'm not sure how you would want to implement that however (please expand the rfc on that topic). Do you want to give the cast syntax a special meaning if used in connection with json_decode or add the general ability to cast a stdClass object (as returned by json_decode) to a specific user type or do you want to change json_decode to return a new class (extending stdclass) that can be casted in the way you want? The first two could be considered fundamental changes to the language, the third may include serious bc concerns. Wouldn't an additional function (maybe in addition to your proposed interface; example: json_decode_to(string $json, string $className, int $options)) solve the issue without changing the language? Regards, 2015-07-13 15:22 GMT+02:00 Dean Eigenmann dean.eigenm...@icloud.com: Ive just opened a new RFC https://wiki.php.net/rfc/jsonserializable regarding Json to Object unserialization. -- Guilherme Blanco MSN: guilhermebla...@hotmail.com GTalk: guilhermeblanco Toronto - ON/Canada
Re: [PHP-DEV] JsonSerializable New Interface method Proposal
I have updated the RFC with a new section showing the updates Sent from my iPhone On 13 Jul 2015, at 20:47, Benjamin Eberlei kont...@beberlei.de wrote: On Mon, Jul 13, 2015 at 3:22 PM, Dean Eigenmann dean.eigenm...@icloud.com wrote: Ive just opened a new RFC https://wiki.php.net/rfc/jsonserializable regarding Json to Object unserialization. The approach with typecasting will not work, because the function json_decode doesn't have that information. Instead something like the JMS Serializer api is probably necessary: $user = json_decode($data, 'User'); I agree with Guilherme that we need a second interface for this, especially because changing the existing one would be a BC break. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] JsonSerializable New Interface method Proposal
I will update the spec for it to be a function, called something like json_decode_to($json, $class, $mapping = []); With mapping you could then specify with array keys map to which class property. Sent from my iPhone On 13 Jul 2015, at 16:59, Rowan Collins rowan.coll...@gmail.com wrote: guilhermebla...@gmail.com wrote on 13/07/2015 15:19: What about JsonDeserializable? I would like to have the choice to have a serialize-only operation. Yeah, this would need to be a new interface, because interfaces can't have optional methods, so changing the existing interface would instantly break all existing implementations, which would be a big no-no IMHO. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] JsonSerializable New Interface method Proposal
Ryan,
I think the usage of this won't support multidimensional arrays.
However in the decode function,
You could specify
Foreach ($arr['permission'] as $permission) {
$this-permissions[] = (permission) json_decode($permission);
}
Sent from my iPhone
On 13 Jul 2015, at 17:03, Ryan Pallas derokor...@gmail.com wrote:
Ive just opened a new RFC https://wiki.php.net/rfc/jsonserializable
regarding Json to Object unserialization.
I like the idea, but how do you handle complex json notations, that may
contain arrays of objects? Say:
{
id: 123
type: user,
name: derokorian
permissions: [{
id: 1,
value: create
},{
id: 2,
value: edit
}]
}
Would this new function give me objects of type Permission in the permissions
array, or would this solution only be a single level deep and therefore
return an array of StdClass? I see no way to be able to tell this to the
decoder in the User class because php does not support typed arrays.
[PHP-DEV] RFC Karma
Hey, Could I please have RFC Karma for my wiki account, (user: decanus) as I would like to create an RFC for my concept https://decanus.github.io/JsonSerializable-Proposal/ Thanks
[PHP-DEV] Concept for Json_decode
Hello, I have a proposal for PHP. The proposed interface would allow developers to decode json into a custom object directly. If given the approval I would possibly be able to implement it. Here is my github link with further details: https://github.com/decanus/JSON-Aware/tree/master Regards, Dean
