Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:100650 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 63554 invoked from network); 15 Sep 2017 20:10:42 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 15 Sep 2017 20:10:42 -0000 Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.213.48 as permitted sender) X-PHP-List-Original-Sender: smalyshev@gmail.com X-Host-Fingerprint: 209.85.213.48 mail-vk0-f48.google.com Received: from [209.85.213.48] ([209.85.213.48:50034] helo=mail-vk0-f48.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BE/37-19300-1C33CB95 for ; Fri, 15 Sep 2017 16:10:42 -0400 Received: by mail-vk0-f48.google.com with SMTP id h191so1527182vke.6 for ; Fri, 15 Sep 2017 13:10:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=SKu7TREbUCj7c48FA+SvU233xwMC/iR30115blOrpb8=; b=dH8CRLKYiEsl5U2tMIsnyGk3B/5rsDktKIkf2x55tql4/0Lfw7cNFtumtxCKY921Jw Bub0RC+BBSdVZFvtsaJx55Y9LSmvdEd8CfOdhEf0HTnmLyBYJI0KHNuhxVGUeUw9Hd+D KsqCrR4YfBLHDkafXGM619Exf28Bj1iC6MRctKLh+HbiDoNrerMmf1JpNGCGymE/Aowe YMcIQgx+DQBxZMvBA8wY4fbPYx9BpgLVwvIUNdHREs7cCq0bk5w3PZJTI8Zyx9T8OkuF bGJWTw3WFvkcrNDJ1EFgrlbgVsLnXqz1ANIGZF5T4qvM5mJJvcnxlfO6gh9E0kwthD+p rGqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=SKu7TREbUCj7c48FA+SvU233xwMC/iR30115blOrpb8=; b=suIq8N9z/Nthg+x2DwZMYnLwNIe4a28r48hZxuDAvvkD+ECVbLBXQ1LZP0QMpocWVV pntMJi4BzWpgVi6upjVmTZfTieOorlJCXbXEzxJoPRM9R5s8z74cKUBlopRbld/OVTq3 v+x4KkfBmdyWmD/MliUumrD8HYSz+JecP5hxC17xiDrgv/R1FTkEmaw+rCPCKG23Opuj gfmBnSZ+Ocas2ag738Xmyus8+cfSuG97ACZkEPGavtbgiC6743hkqRf9BIJJmVZb41++ TsQqoBn7djz6Y/V68d6NigLWQhJOjaU/VGXuRL7v3uNjGcu7UZb2rhAzOsL8+mHXNM6B VWhQ== X-Gm-Message-State: AHPjjUiWs/TOPx4Q6LJH3tWK/t1o0H8xE+xS00NObLOVUD6f+QaL/AZZ AzxPipZEXXkzwjQf0lI= X-Google-Smtp-Source: AOwi7QDyifv9NmwbNXh41yqZMCFVSWIl8K9O/cVCRbIOVk4HjqJ04tmgqmgdQo/12Ht8TIhDBwME4Q== X-Received: by 10.31.58.145 with SMTP id h139mr19548456vka.194.1505506238874; Fri, 15 Sep 2017 13:10:38 -0700 (PDT) Received: from Stas-Pro-2016.local (108-233-206-104.lightspeed.sntcca.sbcglobal.net. [108.233.206.104]) by smtp.gmail.com with ESMTPSA id l64sm291689vke.45.2017.09.15.13.10.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 15 Sep 2017 13:10:38 -0700 (PDT) To: ilija.tovilo@me.com, PHP internals References: <097578bf-ab74-44cf-a465-dc6fdd50930f@Spark> Message-ID: Date: Fri, 15 Sep 2017 13:10:36 -0700 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <097578bf-ab74-44cf-a465-dc6fdd50930f@Spark> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] [RFC] Deprecate the extract function in PHP 7.3 From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > As a second parameter the `extract` function takes some options to > make this function less dangerous, like `EXTR_SKIP` that I'd start with specifying what exactly is "dangerous" in this function. So far I don't see any specific danger. You can shoot yourself in the foot, so you can with many other tools in the language. > I seriously doubt the usefulness of this function, especially looking > at the potential risks. The fact that overwriting the local variables Which risks? This function is used by real-life code, and unless you do something like extract($_GET) in global scope I don't see any problem. With extract($_GET) we could then also propose to remove all file functions because fopen($_GET['filename']) or unlink($_GET['filename']) are also dangerous. But if you use it properly, I don't see what "risks" are there. > Any thoughts? -1 so far, I don't see what problem you are trying to solve. -- Stas Malyshev smalyshev@gmail.com