Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100653
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 71366 invoked from network); 15 Sep 2017 21:17:11 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Sep 2017 21:17:11 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:33094] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BF/58-19300-3534CB95 for <internals@lists.php.net>; Fri, 15 Sep 2017 17:17:09 -0400
Received: (qmail 116115 invoked by uid 89); 15 Sep 2017 21:17:04 -0000
Received: from unknown (HELO mail-it0-f41.google.com) (yohgaki@ohgaki.net@209.85.214.41)
  by 0 with ESMTPA; 15 Sep 2017 21:17:04 -0000
Received: by mail-it0-f41.google.com with SMTP id g18so4799860itg.5
        for <internals@lists.php.net>; Fri, 15 Sep 2017 14:17:04 -0700 (PDT)
X-Gm-Message-State: AHPjjUhGCjtqyCM5d/cE35cGw0q1gydOMK7Rhh6XjPfehmXsyPOxWh+f
	B6pkapjGbYbwdAYkc/BdIusKy+OiuyorG0iM7w==
X-Google-Smtp-Source: AOwi7QBl6E8vHhXgfd+KyWLi9FZ3F1cmkNeIzmXmIxdpAk464dGD6PmKyI+28OOHRNJqtOXfnZRoo7b4mbtSn1QZa2Q=
X-Received: by 10.36.57.70 with SMTP id l67mr7707018ita.56.1505510218729; Fri,
 15 Sep 2017 14:16:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.79.3.134 with HTTP; Fri, 15 Sep 2017 14:16:17 -0700 (PDT)
In-Reply-To: <CAESVnVqi6O7UNmX=jA3nwCLDYXqrPRwZKWYsuoeitjhAX0AGfQ@mail.gmail.com>
References: <097578bf-ab74-44cf-a465-dc6fdd50930f@Spark> <CADyq6sKQ5RqOQvcRK_dSnu+wtHBqwMkoH_Vhxw8NZCi2tk7YPQ@mail.gmail.com>
 <7d703ad8-5596-44e7-95dc-23c2cc058408@Spark> <CAESVnVqi6O7UNmX=jA3nwCLDYXqrPRwZKWYsuoeitjhAX0AGfQ@mail.gmail.com>
Date: Sat, 16 Sep 2017 06:16:17 +0900
X-Gmail-Original-Message-ID: <CAGa2bXbbEqRJmcLF7G-UMzOZyu9FJvOcNuXJyp+20C+YkQhHMA@mail.gmail.com>
Message-ID: <CAGa2bXbbEqRJmcLF7G-UMzOZyu9FJvOcNuXJyp+20C+YkQhHMA@mail.gmail.com>
To: Sara Golemon <pollita@php.net>
Cc: Ilija Tovilo <ilija.tovilo@me.com>, Marco Pivetta <ocramius@gmail.com>, 
	PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="001a114a9c66cb141e055940e900"
Subject: Re: [PHP-DEV] [RFC] Deprecate the extract function in PHP 7.3
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a114a9c66cb141e055940e900
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Hi all,

On Sat, Sep 16, 2017 at 2:50 AM, Sara Golemon <pollita@php.net> wrote:

> On Fri, Sep 15, 2017 at 1:35 PM,  <ilija.tovilo@me.com> wrote:
> > The `extract` function takes an associative array and
> > puts it into the local symbol table.
> > http://php.net/manual/en/function.extract.php
> >
> > I seriously doubt the usefulness of this function,
> > especially looking at the potential risks. The fact
> > that overwriting the local variables is the default
> > behaviour doesn=E2=80=99t make it any better. I suggest
> > deprecating it in PHP 7.3 and removing it in 8.
> >
> Preface: I despise extract() as well.  It's breaks assumptions for
> both the developer and the runtime.  I save some of my frowniest of
> faces for extract().
>
> That said...
>
> > I can see it=E2=80=99s usefulness in this case.
> > But wouldn=E2=80=99t it be better to implement this by hand
> > in these rare cases (it=E2=80=99s 3 lines of code) instead of
> > encouraging the pollution of the symbol table by
> > unknown input? It=E2=80=99s also clearer since people who
> > don=E2=80=99t know the `extract` function probably don=E2=80=99t
> > expect it to mutate the local symbol table.
> >
> Let's be clear on what that looks like: foreach ($data as $key =3D>
> $value) { $$key =3D $value; }
>
> This is SO MUCH WORSE for several reasons, no least of all what
> happens when $data contains keys named 'data', 'key', or 'value'.
>
> I'd like to kill extract(), but it does have a reason for being, and I
> couldn't in any good conscience support removing it without a
> replacement that's at least marginally better.
>

The security issue regarding extract() are:
 - Unintended variable creation. e.g. $admin_flag =3D ture
 - Unintended variable modification. e.g. $admin_flag =3D ture

Instead of removing/deprecating extract(),
 - Add EXTR_EXCEPTION flag that throws exception for overwriting.
  (There are many flags, but no error/exception flag. This isn't good)
 - Require prefix. (User may still set '' as prefix)

We may do:
 - Add EXTR_EXCEPTION flag in 7.3
 - Make all three parameters required parameter set EXTR_ECEPTION a default
flag in 8.0

With this way, we'll have better compatibility with older PHP and better
security with extract().

https://github.com/php/php-src/blob/master/ext/standard/array.c#L2459
Since it checks valid flags, we wouldn't have compatibility for current
versions unless
released versions code is modified for it.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a114a9c66cb141e055940e900--