Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:100656
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 76647 invoked from network); 15 Sep 2017 21:59:18 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 15 Sep 2017 21:59:18 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.51 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.218.51 mail-oi0-f51.google.com  
Received: from [209.85.218.51] ([209.85.218.51:44366] helo=mail-oi0-f51.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 08/69-19300-53D4CB95 for <internals@lists.php.net>; Fri, 15 Sep 2017 17:59:18 -0400
Received: by mail-oi0-f51.google.com with SMTP id l74so80858oih.1
        for <internals@lists.php.net>; Fri, 15 Sep 2017 14:59:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-language:content-transfer-encoding;
        bh=0frDFfiQ639n9TtlCMNcsasKe4HVj74c7jWXdaRGenM=;
        b=ZapDseNKp3By135NnKm0yEZaZ/xUWOCiBhx0HVAblo4A4XRnRGUFqsYXFuz05JtX81
         BQyXGlqrQ226bBZL0xVhoxNldkigyOtOucJM8zOEGY+koXKHLM3EqLwu7MxMqoEIUEUs
         CTT42PpKcXXiuU8hSL17+2LZg1d1+V7pFZC08LkZsq/kJrn9Di/zzcSj/gNEVop8RjpM
         ODSa1j73ij+HV66ZScemEjS7VjbhT5cP5p0kxg8NQfqOMrBranldwqixdQIOdm4N/XEL
         +Z0VhH01SubDvq+aq6M+9R+fzeF1mXaC9q4i7duTxgFJ5vlrR+UUAmJdHWeB0qdQEZyj
         SRQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=0frDFfiQ639n9TtlCMNcsasKe4HVj74c7jWXdaRGenM=;
        b=VTWqPumafpLYPA2Gdi9pmpW4raGa5D3zhfZ6/4XXYZGvWZbslfIaqscKmX442XERcS
         PUMH+Dc+asUziHFfmRntUacL4gBmNGVSTwGmA9Q+pIjHqTg7xjA4Y2yXnrd4VltMORA/
         Elb+vJWZVDa4MWUFiPljby7w9SRmWYSbiC8M5TTSBAmsW1zQlNm1r1kX66eIO5gKUVQp
         RBBeHTht+C4kqpRhcMZKbEu2b3tMLA4VVb8dFYM4covfPn5r7HZ2Btz8+5VJk5W4XXbL
         K31FR613BYRyZqjwlm3fdqJaE2XdIbeOsR2rm7fmZpVGb5RnsQjd7Db9dy3Jiy3B4epK
         yNMw==
X-Gm-Message-State: AHPjjUj8wmIdaA3xbfAC9RJAvinZ2Igc3Qn7D5fVFLUgAUuho2PNSZa2
	cgKi9g2RobNptEv3Lts=
X-Google-Smtp-Source: AOwi7QAA1/fpO7fnikZgsgdoIq7uy/mnBsc8zfWIBnsHBZVb+w5NSV0U7NTEde8mNZqBqvHL741liQ==
X-Received: by 10.202.72.5 with SMTP id v5mr25949334oia.151.1505512755161;
        Fri, 15 Sep 2017 14:59:15 -0700 (PDT)
Received: from Stas-Pro-2016.local (108-233-206-104.lightspeed.sntcca.sbcglobal.net. [108.233.206.104])
        by smtp.gmail.com with ESMTPSA id v204sm1774182oib.40.2017.09.15.14.59.14
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 15 Sep 2017 14:59:14 -0700 (PDT)
To: ilija.tovilo@me.com, PHP internals <internals@lists.php.net>
References: <097578bf-ab74-44cf-a465-dc6fdd50930f@Spark>
 <a25a7575-e355-40eb-7977-e55145726085@gmail.com>
 <9464fa46-8a8e-49ab-82e0-21954dd75aed@Spark>
 <f4544abc-4e74-d3da-470d-4f86bfd56ab8@gmail.com>
 <d35d5584-4656-451a-a562-1b7beee6a038@Spark>
Message-ID: <912b59c0-08e0-ec3a-6288-41477a93d2a7@gmail.com>
Date: Fri, 15 Sep 2017 14:59:13 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
 Gecko/20100101 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <d35d5584-4656-451a-a562-1b7beee6a038@Spark>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [PHP-DEV] [RFC] Deprecate the extract function in PHP 7.3
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

On 9/15/17 2:20 PM, ilija.tovilo@me.com wrote:
>> no, as there is no special risks
> 
> There certainly is. No other function (as far as I’m aware) mutates your
> local symbol table. This means you need to know exactly what symbols are

Sure, because this is the function to mutate your local symbol table!
Why would we need more of them? It's like saying unlink() should be
removed because it deletes files and no other function does it, so it's
super-dangerous!

> defined and what kind of data you’ll receive when calling `extract`. So
> basically this is only safe right at the beginning of your function, and
> even then it can override your other parameters. Even with trusted data
> this can hardly be considered safe.

It does exactly what you tell it to do. Extracts array into local symbol
table. If you don't need that, don't use that function.

-- 
Stas Malyshev
smalyshev@gmail.com