Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:109184 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 92587 invoked from network); 21 Mar 2020 21:27:23 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 21 Mar 2020 21:27:23 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 3A27F180088 for ; Sat, 21 Mar 2020 12:51:07 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS11403 66.111.4.0/24 X-Spam-Virus: No X-Envelope-From: Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 21 Mar 2020 12:51:06 -0700 (PDT) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id C53515C02B0 for ; Sat, 21 Mar 2020 15:51:05 -0400 (EDT) Received: from imap26 ([10.202.2.76]) by compute7.internal (MEProxy); Sat, 21 Mar 2020 15:51:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=nD3Dz8 gAIfaLkOuE9c5NuZcHFVXSjRnP6q8bhJIAQT4=; b=cy+ViUbzcW72RJMeyqtMMC /lFaAHRy0eT5IiOFUstg8kL901VP+HlK6eQzDpShb/QuM6fuNAh5CuoJAgxRzHUr h92TzRb2N3k7not1/gJxfsaZszQAriiJwEAP+5nQyG/YQwWAYF/MN05DjGz6qnmp W85jRb4lonu4xju2koTS+LU/6qiGEBceL6YfyqsyAZk7aIuW2/EPyPZrboOMxONw LmSNHMrL20A0+mFaG0JuBDQ6b0FxPIoXC9uVhKIGADdj6jaBNbgKmjprwL5xIkSQ 01xk5hK/6CL9kzAZc4lNSdUGcUM5u7G0z3RdoydhuN0Wh1QfPgW8mwXJVA4mDEKQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedrudegfedgudeftdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfnfgr rhhrhicuifgrrhhfihgvlhgufdcuoehlrghrrhihsehgrghrfhhivghlughtvggthhdrtg homheqnecuffhomhgrihhnpehphhhprdhnvghtnecuvehluhhsthgvrhfuihiivgeptden ucfrrghrrghmpehmrghilhhfrhhomheplhgrrhhrhiesghgrrhhfihgvlhguthgvtghhrd gtohhm X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 723C714200A2; Sat, 21 Mar 2020 15:51:05 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.7-1021-g152deaf-fmstable-20200319v1 Mime-Version: 1.0 Message-ID: <0138464a-b583-4a0a-9e05-d3afc1d62017@www.fastmail.com> In-Reply-To: References: Date: Sat, 21 Mar 2020 14:50:44 -0500 To: "php internals" Content-Type: text/plain Subject: Re: [PHP-DEV] [RFC] is_literal() From: larry@garfieldtech.com ("Larry Garfield") On Sat, Mar 21, 2020, at 2:13 PM, Craig Francis wrote: > Hi, > > I've written up my suggestion for a is_literal() function: > > https://wiki.php.net/rfc/is_literal > > Any feedback would be appreciated. > > Craig While I appreciate the intent, without an untaint() or equivalent I fear its usefulness will be limited, or else it will get overused and thus cut off numerous entirely valid situations. Eg, there's plenty of very good reasons to put a template string into the database rather than a file literal. Or to build an SQL query dynamically in ways that an is_literal check would not allow, at least not without an absurdly complex query builder. Without a way to flag "yes, I know this was built dynamically but I've vetted it, it's OK" on a value, I fear such a check will either be unuseful or counter-productive. --Larry Garfield