Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:101311
Return-Path: <andreas@dqxtech.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 29830 invoked from network); 11 Dec 2017 08:10:47 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 11 Dec 2017 08:10:47 -0000
Authentication-Results: pb1.pair.com smtp.mail=andreas@dqxtech.net; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=andreas@dqxtech.net; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain dqxtech.net from 209.85.215.41 cause and error)
X-PHP-List-Original-Sender: andreas@dqxtech.net
X-Host-Fingerprint: 209.85.215.41 mail-lf0-f41.google.com  
Received: from [209.85.215.41] ([209.85.215.41:42142] helo=mail-lf0-f41.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 5D/C8-53433-78D3E2A5 for <internals@lists.php.net>; Mon, 11 Dec 2017 03:10:47 -0500
Received: by mail-lf0-f41.google.com with SMTP id i2so18111013lfe.9
        for <internals@lists.php.net>; Mon, 11 Dec 2017 00:10:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=dqxtech-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=9s47eLMvbswANkHdrikfmFgM/BQGHlnU0j2fjI0uVCk=;
        b=lQw0Sc5+RpOnloU73ZZ8CGH2eMdgNSx3NbqY9v16s+uSz67Q0NfYUWvLFZ27oTztID
         J7PdebzvFV+azVCNgOeP1oWC4+CvxfwCkP3+7y8FkUBk9P7eT83CJEGoe+eF45LIRcvG
         hckMoOtHSwZ84VHVpnChbmYQRlW8nYmxKehPaaNHl7x4girNLO1o0kiqkXVKDuRusoQL
         3ge2lvd2oeFZ/xcmSf/Kyfi7Izh1IIe78BSpP5CZF8vlimh57CDhZXicy2is4+PxslSk
         SB34GZAbLijLYOL87t0ARUA8Tm99OCMUMKsHb8EW4y87rkHIRgZ8xL+YornwyOyYGF6H
         hAZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=9s47eLMvbswANkHdrikfmFgM/BQGHlnU0j2fjI0uVCk=;
        b=P5wdA+9bOqzpwwfBxjZzHRa0g09IA+W8uOhiUiVTC+uIwcIvHz1ESNzCpl0JDWvH7t
         ttf+kwojn3WN7J06QyGfftVON5lKjD2w+v+NyqKcJTlDlQXKDMDAqtANqElf5WG7OqpE
         0Wj+MPgqz86ol/qYLkZwH+YEQHKOMr0NN67/9Xmreenkmyslz26DbY33LrKyGaPA5gSy
         em8wkECKOYGB8wYN/6mDEzoiH2hyE77W4mDIZfWyDFS1hcKYe6vfCqBA0LNev/oo5SD4
         /8QdOt9mnQEXafZ64ii26giKBWsluxoqw6KNrFPREfguMwgXdaxQ/xiJh4wqCfJYt8n4
         TlIg==
X-Gm-Message-State: AJaThX49QTX52VA57x+8rJL1RLAQQ2b/11q9Fcso95dHnz64GfbzTPnZ
	I4M4YcbofmQXlTrv9KW/mLSpBcL1
X-Google-Smtp-Source: AGs4zMYoyFTZ3Wy6273bJFmiGXDx9zdEb/6B+Y98ZLb4btdqSaERCrgwJVE11gSLjS4GpABrtJLXrA==
X-Received: by 10.25.115.23 with SMTP id o23mr18662674lfc.164.1512979844047;
        Mon, 11 Dec 2017 00:10:44 -0800 (PST)
Received: from mail-lf0-f43.google.com (mail-lf0-f43.google.com. [209.85.215.43])
        by smtp.googlemail.com with ESMTPSA id h11sm2589486lfd.54.2017.12.11.00.10.42
        for <internals@lists.php.net>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 11 Dec 2017 00:10:43 -0800 (PST)
Received: by mail-lf0-f43.google.com with SMTP id i2so18110944lfe.9
        for <internals@lists.php.net>; Mon, 11 Dec 2017 00:10:42 -0800 (PST)
X-Received: by 10.25.225.143 with SMTP id l15mr17772526lfk.38.1512979842689;
 Mon, 11 Dec 2017 00:10:42 -0800 (PST)
MIME-Version: 1.0
Received: by 10.25.170.16 with HTTP; Mon, 11 Dec 2017 00:10:21 -0800 (PST)
In-Reply-To: <CADyq6sJ4SBPTbnwQo+5Qzna_jM8chuurqDGFK8ucNW63VdUQ_g@mail.gmail.com>
References: <CAH0Uv3ErvVo5qPotvrHby7AKrzUQix_YuDU5dbQWos8bvCASqw@mail.gmail.com>
 <CANUQDChCkt0CzYHeJoRN+d7_wWBe82-J5MJEgXWFj9qTBMz4Zg@mail.gmail.com>
 <CAH0Uv3FNGUTtUKx8SA=VJ2MKUQmdt1Rd0vqQXCZt_zk3n6tqQA@mail.gmail.com> <CADyq6sJ4SBPTbnwQo+5Qzna_jM8chuurqDGFK8ucNW63VdUQ_g@mail.gmail.com>
Date: Mon, 11 Dec 2017 09:10:21 +0100
X-Gmail-Original-Message-ID: <CAH0Uv3Ebvg+Jpgn9hkNw+ScatjKvKz3wRGpM7SbHVkX+KGS1nA@mail.gmail.com>
Message-ID: <CAH0Uv3Ebvg+Jpgn9hkNw+ScatjKvKz3wRGpM7SbHVkX+KGS1nA@mail.gmail.com>
To: Marco Pivetta <ocramius@gmail.com>
Cc: Niklas Keller <me@kelunik.com>, PHP Internals List <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="001a113c23ee13719005600c129f"
Subject: Re: [PHP-DEV] ReflectionContext for imports and namespace
From: andreas@dqxtech.net (Andreas Hennings)

--001a113c23ee13719005600c129f
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On 11 December 2017 at 09:05, Marco Pivetta <ocramius@gmail.com> wrote:

> On 11 December 2017 at 08:46, Marco Pivetta <ocramius@gmail.com> wrote:
> > Indeed that already exists at
> > https://github.com/Roave/BetterReflection/blob/2.0.1/docs/
> features.md#analysing-types-from-docblocks
> > - relatively new lib, so it probably didn't get noticed upfront in here=
.
>
>
> Yes, parser / userland solutions exist for this purpose.
> (I have seen BetterReflection)
>
> I just thought since this information is already available, a library
> that uses reflection API should not need a userland parser to get it.
>
>
> Unless the codebase being analyzed is trusted and not legacy
> (wordpress-style) any tool based on the current reflection API is basical=
ly
> a potential security issue or a set of potentially harmful side-effects.
> The reason for me and James building BetterReflection was essentially tha=
t,
> since the current API is flawed and not really fixable without BC breaks
> (removing the side-effect), so I strongly encourage any code analysis too=
l
> to just use the userland adapters we wrote, and only switch to core
> reflection when performance is more critical than security.
>

These side effects would be that the class loader loads files which can
break things?


>
> This also means that if your addition makes it into the language it will
> be implemented also by those adapters BTW, so push on =F0=9F=91=8D
>

--001a113c23ee13719005600c129f--