Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100642
Return-Path: <ilija.tovilo@me.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 46888 invoked from network); 15 Sep 2017 17:42:04 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Sep 2017 17:42:04 -0000
Authentication-Results: pb1.pair.com header.from=ilija.tovilo@me.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=ilija.tovilo@me.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain me.com designates 17.142.194.250 as permitted sender)
X-PHP-List-Original-Sender: ilija.tovilo@me.com
X-Host-Fingerprint: 17.142.194.250 pv33p00im-asmtp001.me.com  
Received: from [17.142.194.250] ([17.142.194.250:64151] helo=pv33p00im-asmtp001.me.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3B/54-19300-CE01CB95 for <internals@lists.php.net>; Fri, 15 Sep 2017 13:42:04 -0400
Received: from process-dkim-sign-daemon.pv33p00im-asmtp001.me.com by
 pv33p00im-asmtp001.me.com
 (Oracle Communications Messaging Server 8.0.1.2.20170607 64bit (built Jun  7
 2017)) id <0OWC00B000PCXR00@pv33p00im-asmtp001.me.com> for
 internals@lists.php.net; Fri, 15 Sep 2017 17:41:57 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=me.com; s=04042017;
	t=1505497316; bh=W2ru/McsLsNrpBHLZCzuWxe4cON/6IOhovjHYoVTCTk=;
	h=Date:From:To:Message-id:Subject:MIME-version:Content-type;
	b=wKiCg+BXpDwFXlsmH7QY8Hcxjl3FW2ratShe66nt+Oq6LkCr7LKM7+JeWVlZUwdDH
 A7AkTsleFI5lxEC/HtnAy1fWGFGGJCsdhHw5fK+VnH4kxr1C8Y2dbgCTFwtq6SoAb8
 M3oUO0Q0MfX/iTNW8ZT/7V8RAMlxKsROsAq8ZVbjwv93sYMRZm85QqxoYFgJU/KYWq
 H0MhYzqhNW5qynTPKBjwZufRO5mG3OwBAarBYlDaubXKykNfJ+NPxQIWl8WIXeoqiu
 +7akYpT5xZ7uWFK8OQE89b8ujInFux+fyUr6gcdmBjgrTQgQNjF3amwodFYr1ik9++
 c4m083INAr7dw==
Received: from icloud.com ([127.0.0.1]) by pv33p00im-asmtp001.me.com
 (Oracle Communications Messaging Server 8.0.1.2.20170607 64bit (built Jun  7
 2017)) with ESMTPSA id <0OWC00NZR15S1L00@pv33p00im-asmtp001.me.com>; Fri,
 15 Sep 2017 17:41:55 +0000 (GMT)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,,
 definitions=2017-09-15_06:,, signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
 clxscore=1011 suspectscore=34 malwarescore=0 phishscore=0 adultscore=0
 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.0.1-1707230000 definitions=main-1709150257
Date: Fri, 15 Sep 2017 19:38:22 +0200
To: Ryan Pallas <derokorian@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Message-ID: <ddd6a841-665f-461f-a29f-d9cbf1293927@Spark>
In-reply-to:
 <CAObuZdtSUwyJi-qmg8cDjHJvqGtecTJ8U5J8tm_Oe765m5vDPw@mail.gmail.com>
References: <097578bf-ab74-44cf-a465-dc6fdd50930f@Spark>
 <CAObuZdtSUwyJi-qmg8cDjHJvqGtecTJ8U5J8tm_Oe765m5vDPw@mail.gmail.com>
X-Readdle-Message-ID: ddd6a841-665f-461f-a29f-d9cbf1293927@Spark
MIME-version: 1.0
Content-type: multipart/alternative; boundary=59bc10dd_643c9869_73e9
Subject: Re: [PHP-DEV] [RFC] Deprecate the extract function in PHP 7.3
From: ilija.tovilo@me.com

--59bc10dd_643c9869_73e9
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hi Ryan

I can see your argument. The reasoning behind it is that a function in th=
e standard library should not encourage unsafe code. Admittedly, since th=
is function is rarely used except for templating systems one could call t=
his a non-issue. I just wanted to bring it up.

Regards


On 15 Sep 2017, 19:30 +0200, Ryan Pallas <derokorian=40gmail.com>, wrote:=

>
>
> > On Sep 15, 2017 11:22 AM, <ilija.tovilo=40me.com> wrote:
> > > Hi=21
> > >
> > > The =60extract=60 function takes an associative array and puts it i=
nto the local symbol table.
> > > http://php.net/manual/en/function.extract.php
> > >
> > > =60=60=60
> > > =24array =3D =5B
> > > =C2=A0 =C2=A0 =E2=80=98foo=E2=80=99 =3D> =E2=80=98foo=E2=80=99,
> > > =C2=A0 =C2=A0 =E2=80=98bar=E2=80=99 =3D> =E2=80=98bar=E2=80=99,
> > > =5D;
> > >
> > > extract(=24array);
> > >
> > > print =24foo; // =22foo=22
> > > =60=60=60
> > >
> > > As a second parameter the =60extract=60 function takes some options=
 to make this function less dangerous, like =60EXTR=5FSKIP=60 that preven=
ts an existing local variable of being overwritten. There=E2=80=99s a few=
 more options, go ahead and take a look at the documentation. =60EXTR=5FO=
VERWRITE=60 is the default one though. You can also pass a prefix for the=
 variable names as a third argument.
> > >
> > > I seriously doubt the usefulness of this function, especially looki=
ng at the potential risks. The fact that overwriting the local variables =
is the default behaviour doesn=E2=80=99t make it any better. I suggest de=
precating it in PHP 7.3 and removing it in 8.
> > >
> > > In a whole Symfony-Stack (3.4) with all of it=E2=80=99s dependencie=
s I could only find two usages of this function, both of which could be e=
asily rewritten in vanilla PHP:
> > > https://github.com/symfony/symfony/blob/master/src/Symfony/Componen=
t/Templating/PhpEngine.php=23L148
> > > https://github.com/symfony/symfony/blob/master/src/Symfony/Componen=
t/Templating/PhpEngine.php=23L158
> > >
> > > Only downside: A polyfill is probably impossible since you cannot m=
utate the local symbol table of the callee (as far as I=E2=80=99m aware).=

> > >
> > > Any thoughts=3F
>
> I see no gain by removing this function. I've also seen it used for tem=
plating quite often. Yes the functionality could be changed not to use ex=
tract and end up working the same to the consumer but why make people rew=
rite these things for no apparent gain (and likely a small performance hi=
t)=3F
>
> > >
> > > Regards
> > >
> > >
>

--59bc10dd_643c9869_73e9--