Newsgroups: php.internals
Date: Mon, 17 Feb 2020 07:51:26 +0000
From: rowan.collins@gmail.com (Rowan Tommins)
CC: internals@lists.php.net
Subject: Re: [PHP-DEV] RFC: Server-Side Request and Response Objects (v2)
Message-ID: <1215E82A-FEFD-4379-A1A1-7F9C8B920251@gmail.com>

On 17 February 2020 00:45:26 GMT+00:00, Mike Schinkel wrote:

>I think your latter points are orthogonal to this. And that you are
>taking my advocacy for adding filtering to apply too literally to only
>the specific implementations in filter_input().

Firstly, I deliberately didn't say "the filter API isn't well designed", I said "designing a good validation API is hard". In particular, finding the balance between flexibility and simplicity is key.

Including a single blessed validation API in something as fundamental as a request object should take a lot of careful design, not be an afterthought to something like the current RFC.

I also talked specifically about moving away from the old assumptions of CGI. What does it mean to "filter" a JSON body? We could check it's valid JSON, but parsing it will reveal that anyway. We could automatically parse it in the request object, and have "filters" apply to individual elements; but where would the user supply parser options, and how would you specify nested elements?

Or we could keep it as a dumb string, and leave the validation to other systems, like a JSON Schema validator.

Even with a plain HTML form, you might be using a form builder and want to associate your validation with the form definition rather than having it baked into the request object.

>But given how much work it is to get an RFC over the line, it feels
>like decoupling would end up with a lot more work, lengthen the
>timeline to achieve base level functionality, and add uncertainty to
>whether it will even happen whereas handling the 20% now that we need
>80% of the time would mean the API would be mostly fully usable out of
>the gate.

Funny, I see the exact opposite: trying to build a single set of classes which include a system for getting global state AND a system for parsing it in different ways AND an in-built validation API seems like a mammoth task. And if you keep it monolithic, any feature you miss or make a mistake on is much harder to fix later.

Regards,

-- 
Rowan Tommins
[IMSoP]