Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:106217 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 98997 invoked from network); 16 Jul 2019 15:12:41 -0000 Received: from unknown (HELO mail-qt1-f174.google.com) (209.85.160.174) by pb1.pair.com with SMTP; 16 Jul 2019 15:12:41 -0000 Received: by mail-qt1-f174.google.com with SMTP id x22so14410982qtp.12 for ; Tue, 16 Jul 2019 05:34:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=XXV1/020+L5hSTEz6Bvr0jBUDJ5Ss892KeOBFPToGjY=; b=a+gzvCxd4CkAtvSTieAqEl2+SmSmAENMRIBbtDtM9dobQ18+2ih3LrUDX9pa8+02+V Ndz/jvdvAC3g8Bo6jLprELbQQ9v2EkFbvw/2HjXSzTkPxRjz7QFpF+Tbo6I8pQIhJ6Nq KXb4q3TrAiRqXCVYsKnIEd464bpSjFukVsflrad+6+C3Ul9puVxzPPB10qflHwNIefpX JiHob/uI/5a2x0hIyweQgiosj4EOPJG5mpX05fP+ctrjJttYC6aWUPnokwLUQR34iSYZ p2oNDBP9E27eKEyEYdntGLq8V833yzJ4MTFIap8DaoVX/OcuDekEzHlL0cV7X7TXB9Z9 1LPw== X-Gm-Message-State: APjAAAXVM7sj0+LBQ22+JV7BTTQGlBnuda5gPXACJ0AN4mFHcRRR+aBy 8v1oa5emrBBS8XdCRaJjAeLiyKOUKU1INvc72z0= X-Google-Smtp-Source: APXvYqxqdYccVYOqjyjM1Z2ZSJXKXoZq/jY/RRhg65dlsqzOdO48EtnO5NQVwzcort85EDPbl6UDpyrsjZt51kH/PX4= X-Received: by 2002:a0c:b755:: with SMTP id q21mr23094403qve.92.1563280444391; Tue, 16 Jul 2019 05:34:04 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Reply-To: bishop@php.net Date: Tue, 16 Jul 2019 08:33:40 -0400 Message-ID: To: Arnold Daniels Cc: PHP internals Content-Type: multipart/alternative; boundary="0000000000009283d0058dcb970d" Subject: Re: [PHP-DEV] Stop replacing dots with underscores in query, post and cookie parameters for PHP 8? From: bishop@php.net (Bishop Bettini) --0000000000009283d0058dcb970d Content-Type: text/plain; charset="UTF-8" On Tue, Jul 16, 2019 at 3:51 AM Nikita Popov wrote: > On Tue, Jul 16, 2019 at 3:40 AM Arnold Daniels < > arnold.adaniels.nl@gmail.com> > wrote: > > > Hi, > > > > PHP replaces dots with underscores for $_GET, $_POST and $_COOKIE. This > > behavior once made sense because of Register globals. The explanation in > > the manual also still implies that query and post parameters are > converted > > to variables (see > > > https://php.net/manual/en/language.variables.external.php#language.variables.external.dot-in-names > ). > > Register globals has been removed since 5.4.0 and thus this behavior > serves > > little purpose. > > > > I think it would be good to remove the conversion in PHP 8, as it's a > > general cause of confusion and annoyance for anyone who comes across it. > > > > Is there a good reason to keep this behavior in PHP 8? > > > > This has been discussed a few times already, and I think that everyone > agrees that this behavior should go, but not necessarily on the migration > path. There is an RFC here: > https://wiki.php.net/rfc/on_demand_name_mangling > I think that the latest version of that RFC, that basically proposes to > drop the behavior and tell people to use a polyfill is fine. > I've readied the proposal for formal discussion. As proposed: - PHP 8.0 will no longer mangle variable names in any super-global. - The changelog will recommend auditing super-global access for mangled names, and replacing with the actual variable name. - No INI settings will engage the behavior. - No warnings or notices will be emitted. - A polyfill will be made available to emulate that original behavior. - Applications requiring name mangling shall invoke the polyfill during bootstrap phase. https://wiki.php.net/rfc/on_demand_name_mangling --0000000000009283d0058dcb970d--