Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:108439
Return-Path: <mike@newclarity.net>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 45920 invoked from network); 10 Feb 2020 19:19:05 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 10 Feb 2020 19:19:05 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id ED9DB1804D7
	for <internals@lists.php.net>; Mon, 10 Feb 2020 09:32:45 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
	SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <mike@newclarity.net>
Received: from mail-yw1-f43.google.com (mail-yw1-f43.google.com [209.85.161.43])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon, 10 Feb 2020 09:32:45 -0800 (PST)
Received: by mail-yw1-f43.google.com with SMTP id h126so3772268ywc.6
        for <internals@lists.php.net>; Mon, 10 Feb 2020 09:32:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=newclarity-net.20150623.gappssmtp.com; s=20150623;
        h=mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=Jis4Ee4uaXcR5AKGpZj1thGvvSpcP7YQFW3ilwpJBK8=;
        b=CeG5RxZAGGtzpvuwic9URda8VTI+BnJ2i8imMckbBpw/b4NG+M6pKLbOA1DguOiv4e
         Em42djviWhW8WCNzZgb3zVhyigkGVqf76hL0Et/4FrJnT8FC1KyUZ5IvaiQheeI/PDfh
         YgAJcWKJlLNWOCfjabbVCn7Gk0/nsaa32JD5itWjS0bEnsdhyWufZGr3CJrbgJsJMjkN
         6pk5RKZGWZWFa8ddsL8Swabbwcm7fkNUTiACxzD+ixbQ6IJ44zxMxEcK+u4Mciay7RGJ
         D51fBw5eg/kKKlK6Rm+59UIKVU3fgJNORbrIveKG0df0QWDddyH5QDeYJfbrdQL+Pa9f
         A5bg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
         :content-transfer-encoding:message-id:references:to;
        bh=Jis4Ee4uaXcR5AKGpZj1thGvvSpcP7YQFW3ilwpJBK8=;
        b=n02OgR0rwlop3izNT0YKdGnw3T5KDYsdNa7cKDz5dASFLkccSF7gpwOLkIOQdj2Lk+
         PaKC/CXRU331hvGAFM35cwpkPzDR/MoNLQUy9zrfU6x0zYtauis/PMoZjB0BW0oCNS2T
         kQozB1N67ekUJR5kMRdtSwk1Wl+44upZtNDYbLHSTvlXMbG3Ns6QjjR2NCkn8roP4Qg/
         bxa+PCQGxrSwudn5mUXMvfbw2WCkgoubXMG74SpzcIo3FkrwqXL4savILN4jWX4hOhmC
         Sad2Ld5hMJbrPKDG03XlFDzATQidHdStRfmE/DGr6R51GI9rUj4a4NVNEmaEg7XOB4bn
         AfKQ==
X-Gm-Message-State: APjAAAXjelG3Qjk8Zp+eN68oALd7ntWE4xE4AvQSgKF63FPpbQ36xGT+
	jS+B6ghqZPITs++3sbId3DdtJyLuCaqhRg==
X-Google-Smtp-Source: APXvYqxs9N7C6H1by7lALDz//Q0WldyqsIQ6C3ECb9srJ3YDTHQPKKPfyVzjBqA9AbnXHeBAXjGCHA==
X-Received: by 2002:a0d:df15:: with SMTP id i21mr1988239ywe.73.1581355964761;
        Mon, 10 Feb 2020 09:32:44 -0800 (PST)
Received: from ?IPv6:2601:c0:c680:5cc0:2d41:b9c0:ed35:b8f6? ([2601:c0:c680:5cc0:2d41:b9c0:ed35:b8f6])
        by smtp.gmail.com with ESMTPSA id t3sm543152ywi.18.2020.02.10.09.32.43
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 10 Feb 2020 09:32:43 -0800 (PST)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
In-Reply-To: <50BD013E-CF72-414C-BBC0-A7A2E45CBDDB@pmjones.io>
Date: Mon, 10 Feb 2020 12:32:42 -0500
Cc: internals@lists.php.net
Content-Transfer-Encoding: quoted-printable
Message-ID: <5DEE5A6E-2587-432D-9651-320DF42A7732@newclarity.net>
References: <50BD013E-CF72-414C-BBC0-A7A2E45CBDDB@pmjones.io>
To: "Paul M. Jones" <pmjones@pmjones.io>
X-Mailer: Apple Mail (2.3445.104.11)
Subject: Re: [PHP-DEV] RFC: Server-Side Request and Response Objects (v2)
From: mike@newclarity.net (Mike Schinkel)

> On Feb 10, 2020, at 11:18 AM, Paul M. Jones <pmjones@pmjones.io> =
wrote:
>=20
> Hi Internals,
>=20
> After a couple of years of incubation, I am happy to offer a second =
version of this RFC:
>=20
>  https://wiki.php.net/rfc/request_response
>=20
> It proposes an object-oriented approach around request and response =
functionality already existing in PHP, in order to reduce the =
global-state problems that come with superglobals and the various =
response-related functions.
>=20
> The SQLite "about" page says, "Think of SQLite not as a replacement =
for Oracle but as a replacement for fopen()." =
<https://www.sqlite.org/about.html>  Likewise, think of this RFC not as =
a replacement for HttpFoundation or PSR-7, or as a model of HTTP =
messages, but as an object-oriented alternative to superglobals, =
header(), setcookie(), setrawcookie(), and so on.
>=20
> Thanks in advance for your time and consideration while evaluating it.

I like this, a lot.=20

Having a language _standard_ approach means that I could depend on it =
existing and that all (new) userland code I might want to incorporate =
into a project would be compatible rather than the current state of 100! =
different incompatible implementations across frameworks. =20

I had numerous questions and concerns, but after reading through the RFC =
and the associated links I think you addressed most of them.

I do have questions about ServerResponse.  It is not clear how that =
interacts with existing echo, header(), setcookie(), etc?  You say it =
creates a buffer; is $responseSender->send($response) effectively the =
same as having issued regular echo, header(), setcookie(), etc. all at =
once?  And that there is no global buffer but instead the application =
would have to manage using a shared $response on its own because each =
instance of $response has it's own buffer and can be sent at any time =
into the existing output "stream?"

Regarding ServerRequest I saw the comment about using a factory instead =
of creating an instance and your reason for not going that route. How =
about instead creating an empty mutable object with the constructor and =
then a method with an optional array parameter that adds the values and =
"locks" it to be mutable, i.e.

$request =3D new ServerRequest();
$request->initialize();
// OR
$request->initialize([
    '_SERVER' =3D> [
        'foo' =3D> 'bar',
    ],
]);

With this approach someone could create a class that contains the =
ServerRequest and build the object up to be anything they like which =
could be useful for testing, i.e.

$request =3D new ServerRequest();
$request->get =3D [ 'foo' =3D> 'bar' ];
$request->cookie =3D [ 'id' =3D> 123 ];
$request->nv =3D $_ENV;
$request->server =3D $_SERVER;
$request->lock();

I would also suggest considering to add get(), post(), request(), =
cookie(), server() and end() methods to ServerRequest that would =
incorporate the functionality of filter_input().  Otherwise we have to =
bypass the objects to get filtering.

In general I think this would definitely be a nice enhancement to PHP, =
IMO.  It would be great to be able to deprecate use of $GLOBALS, etc. =
with a language _standard_ approach, and flag their use as problematic =
in any of our code.=20

Would you not also add an option to generate a warning when using them =
for those who want to deprecate their use in their own code (deprecating =
across the board would be too extreme give how much CMS and framework =
code uses them intimately.)

Thanks in advance for considering.

-Mike=