Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100652
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 69104 invoked from network); 15 Sep 2017 21:05:42 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Sep 2017 21:05:42 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.223.178 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.223.178 mail-io0-f178.google.com  
Received: from [209.85.223.178] ([209.85.223.178:49598] helo=mail-io0-f178.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id A6/F7-19300-5A04CB95 for <internals@lists.php.net>; Fri, 15 Sep 2017 17:05:41 -0400
Received: by mail-io0-f178.google.com with SMTP id 21so11422732iof.6
        for <internals@lists.php.net>; Fri, 15 Sep 2017 14:05:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-language:content-transfer-encoding;
        bh=ZHcgjB74t6axaqz5zakr2Hw9i0whSrcdSaN5SiBE+kE=;
        b=lgaxeuhBr8vba55gwRWYElumesJewzgYmSq+SqPMWyeWzl5SlUqjrD8yWCytYm9plH
         1Tus0XuHb4A+qvn5Q3Opvskcd1h//hnKCYN20V0o1d6TQ2e9QLLFxuO5vcC1Caub0sGF
         SE5/Vdnm9dS3fxmklmRg/lsBAlm/R3zQh2huw9sjFwzZnk6OuTneUON86Blkm48LITOx
         jKabL3D6GnChZg15lTY5a15myeUTtrkOe7mMIeBIw076yLULcnckegM6Ddx2GkfJETJf
         Yu6XH5Dmwvc/o28syOLj1MgXcKFvMChO27LEj9sIYz4/kFh76hbtNywnh1GpXgtSlGVV
         SG2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=ZHcgjB74t6axaqz5zakr2Hw9i0whSrcdSaN5SiBE+kE=;
        b=uGhGyzGHwaFXCrW8EUBDkJleNdjcpJGZh6maNjaAz8bAfQBX2VL3BhAYojHYzlSMuE
         /Da42kHoLI951nLY5j6M3Kwyls3l7fv2Xr1iVkipmEvEPFGMEHvOTHBp221wngooCknf
         4yg9psflnjK7xrzIbAVphVC/JQ7vAYxMxq6msXrPmkNzqW9EBqfGSP/YadAKbvP0O2JS
         1IlmIaoEhj3g/7iZMHEzkDHI894GoQk/+Vr+nTm36YMO1swUkr4CffFoDRlMrRzT3hVU
         8maHUzUILQW4O0jeOgoIwZM8LndfKCs8NciTj6LlQVovAt75ZEOUUd1OQ9b3SggH5XPn
         Xc+A==
X-Gm-Message-State: AHPjjUidF3wYKjxDIPtok5rYj1W/EWp3FNVdJLvIwhdHsBuP/+0NwcfF
	DhZpAxHSmq9upNSx4W8=
X-Google-Smtp-Source: AOwi7QCOPWi+4D96PGxes2bPDNAayTvtRiyQaU7RgQS8MuzNV+jyfmlqEzGfBiUfG0SxcU21bqkFcg==
X-Received: by 10.202.223.7 with SMTP id w7mr2962694oig.237.1505509538546;
        Fri, 15 Sep 2017 14:05:38 -0700 (PDT)
Received: from Stas-Pro-2016.local (108-233-206-104.lightspeed.sntcca.sbcglobal.net. [108.233.206.104])
        by smtp.gmail.com with ESMTPSA id r185sm1997440oie.56.2017.09.15.14.05.37
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 15 Sep 2017 14:05:38 -0700 (PDT)
To: ilija.tovilo@me.com, PHP internals <internals@lists.php.net>
References: <097578bf-ab74-44cf-a465-dc6fdd50930f@Spark>
 <a25a7575-e355-40eb-7977-e55145726085@gmail.com>
 <9464fa46-8a8e-49ab-82e0-21954dd75aed@Spark>
Message-ID: <f4544abc-4e74-d3da-470d-4f86bfd56ab8@gmail.com>
Date: Fri, 15 Sep 2017 14:05:36 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
 Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <9464fa46-8a8e-49ab-82e0-21954dd75aed@Spark>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] [RFC] Deprecate the extract function in PHP 7.3
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> Dangerous meaning that if given untrusted input someone could mess with
> the behaviour of your code. There are risks and benefits to every

Same as many other functions. Given untrusted input, unlink() could
delete files on your hard drive, and file_put_contents() could overwrite
your data or send it to unauthorized party. That's not the reason to
remove these functions.

> solution. Certainly you’d agree that in some cases the risks outweigh
> the benefits.

In some cases, yes. In this case, no, as there is no special risks not
existing in many other functions. Any function that has side effects
could do something unexpected when you give it unexpected input. Since
we're not converting PHP to be purely functional language just yet, the
solution is to use functions correctly, not remove them.
-- 
Stas Malyshev
smalyshev@gmail.com