Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114868 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 78909 invoked from network); 14 Jun 2021 18:27:40 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 14 Jun 2021 18:27:40 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id BA06D1804C9 for ; Mon, 14 Jun 2021 11:43:59 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 14 Jun 2021 11:43:59 -0700 (PDT) Received: by mail-wm1-f54.google.com with SMTP id n35-20020a05600c3ba3b02901cdecb6bda8so47710wms.5 for ; Mon, 14 Jun 2021 11:43:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=SNU79SiyWpgF3XYzlIQ5AJlbuOParbQm0eo4xMYgpig=; b=lRwvo0fsIQ1hIDXZiADgaXvu5xnP7rZ4Iu2cgaPK28XiGg281J4d1NZcurQV6iH6Ze T3Ma2Y5Z0qEl0s9jUBQtUILfRtq6TL/L4G6pD0zF1Be23ZrtJMoTLcv0WK4rbCx7XaN5 +5mQYXOjA+9bB/jPR9DjRx8Q3i9CHi7HujJVHtF89QC4fLALaiOfhU91u2PJo/yqkwiI 0kX4cO5br5wLQJ+nGoClVXBOQq7vus5yqaAnMY3PoQPRcgeaWWKse6KGwQbFaVx1UaRF mPXSTUEoeimvRNNy8IYcW7TVjJwrvRvyL58zSfT9f0rCRrThpjptJLoVBJE+rblcfWSt aVkg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=SNU79SiyWpgF3XYzlIQ5AJlbuOParbQm0eo4xMYgpig=; b=cUk2v3X01SBYzWHAu8oALhbpTfRW44xLk9QJSWq3iHWIDOGyH/pucw+W67G+FSLqTo 69tC2j9sKBwFChAkEKVIFzsji9XndtKlSbU1FrtYn2hv47DZMpvwiSjuNk6xCSkFz/RK mLxqc1TqNBqSZ5N0w+CutFYq3qQqj3d2NVl8wkygCOsjUgD8Req43jNXeiUCuQDd2/ub pOYsADtxijWXzVDw0x1qQZn7A057Qb891X8vD/8LCkdjqMmMJ2uMuIVgYWoEiX7G+NcI vk4lEljGlKHtXMQYJHKi4Xwh05YsRuRqX3al5ODQnC0wK+B6Rr0Cu8zkOm29JBQllCOe WEuw== X-Gm-Message-State: AOAM530YBbUGXUB6GgOkj+ytReXVWH8DKlOaV7BhkBw5VRm57VMug7aa OmnQYfwDCcZRpwmGjhjzfsBLMBFJ2Vk= X-Google-Smtp-Source: ABdhPJx43Miwlc2A4ybxbTMKWESwyk2GIvUcv6hMBaSNX6vcULcAfO4twFpYHhvul6JnzCLV95SThw== X-Received: by 2002:a1c:b783:: with SMTP id h125mr546932wmf.182.1623696235654; Mon, 14 Jun 2021 11:43:55 -0700 (PDT) Received: from [192.168.0.22] (cpc104104-brig22-2-0-cust548.3-3.cable.virginm.net. [82.10.58.37]) by smtp.googlemail.com with ESMTPSA id r18sm16877084wro.62.2021.06.14.11.43.54 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 14 Jun 2021 11:43:54 -0700 (PDT) To: internals@lists.php.net References: Message-ID: Date: Mon, 14 Jun 2021 19:43:52 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-GB Subject: Re: [PHP-DEV] [RFC] is_literal From: rowan.collins@gmail.com (Rowan Tommins) Hi Dan, On 14/06/2021 13:29, Dan Ackroyd wrote: > While I think the idea behind this RFC is great, the current > implementation is terrible, as it will cause some fatal errors in > production. I think you have raised a legitimate concern here, but agree with Matthew Brown that calling the implementation "terrible" is neither warranted nor helpful. It's also a bit bizarre to criticise the RFC for causing fatal errors even though it doesn't introduce any, then propose a different version which *does* introduce fatal errors. > The only information would be that the html string is not > literal....but there wouldn't be any info about which bit was the > problem. Someone would have to manually check which code had been > called to produce the non-literal string. The difficulty of tracing why something is not in the expected state is indeed a tricky one, but I don't think mandating literal_implode solves it well enough to be worth the pain. Essentially, changing getInfoPanel to use literal_implode is equivalent to this: > function getInfoPanel(UserPreferences $up): string > { > $html = "
"; > $html .= // more html here > $html .= "
" > > assert( is_literal($html) ); > return $html; > } However, there could still be an arbitrarily long code path between the user input and that assertion (or call to literal_implode), so tracking the root cause could be just as difficult. The actual root cause is in getColor(), so the actual assertion needed is there: > class UserPreferences { > private DB $db; > > function getColor(): string { > $preferredColor = $this->db->getColor(); > > if ($preferredColor === 'light') { > return '#fff'; > } > > if ($preferredColor === 'dark') { > return '#000'; > } > assert( is_literal($preferredColor) ); > return $preferredColor; // user has set custom color. > } > } Adding that assertion would be easier and more elegant if it was possible to set a "literal_string" return type, but it would still be up to the user to add it. That leads to the original problem, but in reverse: when writing the getColor() function, the author needs to know where it will eventually be used to know that an assertion is relevant. It would also not solve the problem of the assertion only triggering in production without a careful integration test. That can only be solved with a static analyser, which would also have enough information to isolate the cause. Regards, -- Rowan Tommins [IMSoP]