Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:114870 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 83865 invoked from network); 14 Jun 2021 19:00:15 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 14 Jun 2021 19:00:15 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id D40571804C9 for ; Mon, 14 Jun 2021 12:16:32 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2, SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-qv1-f50.google.com (mail-qv1-f50.google.com [209.85.219.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 14 Jun 2021 12:16:32 -0700 (PDT) Received: by mail-qv1-f50.google.com with SMTP id x6so16139923qvx.4 for ; Mon, 14 Jun 2021 12:16:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=newclarity-net.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=0aPpriWRjce4YmIWKSvOs1yz5GhINpCKaLIquisnH9s=; b=0LzXqH9jBwgourJ0rDQz+C4pkoOsBrE/VjnleXLXJNeiD9AjkKajW7Y9J6hp0FMTNs dDk9nIGvP+nQfBCOc7uppO2A0R+7CV+qjarzMKxSL2zJ1aUpM1TQlVbDz22P5nKlu5yT 66Ongw+UD2ULtxwZp2VfHVNI4igBUaSnvbWDHf46keNVZfjF2tqBeQRnQUKgLdLqerUU NvFq/B0V7P2xwqf+r7l/MhL7BOVKrzy2TSMhK4UD/JDS2xReyRHZF6TGHjbNORI0Y2T+ MNDr4HTuu9c1egAkGHqGJF78eyYNY16XPOtxoRchuJBYNBg37Ltpt/IMPsYqpqGRIfR+ QpVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=0aPpriWRjce4YmIWKSvOs1yz5GhINpCKaLIquisnH9s=; b=b6j5j+bR5Lb879yiESrFWuIfNNCg4vH8p+8r6Xgf8p7H8Ld6O2DuihB80TegJP1dqy M4Wmd931UhCizng+tBqyTyYBrodVKgxtZdX7n17AkQ0ZZsp1ZpnMsFdIaE+kPhFehMdc e1sTlYiyaCgG9WzaIwjVffW2tL1+P7f9qsLElJk1gBQVueSgIRUC+tXwf6S3HrwhPctZ PXKH7Oq6rVSeAan0+jZQN17JrmgXnCrJlUJDuBy7/7B5h2vDoRhxKWMuCMPnNNCpgkbM fFRTWsjYwbdhZ1VwPLbw7/bQ5OJFom3mE80riZEdWUbdWw5BdncOdVztOb7ZiEtTue4Q Z3Nw== X-Gm-Message-State: AOAM531Vr19CLWLuUxZbvpOQQKpWshq+fZ0L2BUvX8j0MtG2S/5jVLSP dI9V+lCJH0zlRgFs2XlsZvG+NQ== X-Google-Smtp-Source: ABdhPJwOkI8SVR5UvHo5K6svmLeo1+kNeskqR5iNpEO+FheZaTUCg57KsFKdvOJUNL7HEFKfMgnjiw== X-Received: by 2002:a0c:fec5:: with SMTP id z5mr720652qvs.57.1623698191578; Mon, 14 Jun 2021 12:16:31 -0700 (PDT) Received: from [192.168.1.10] (c-24-98-254-8.hsd1.ga.comcast.net. [24.98.254.8]) by smtp.gmail.com with ESMTPSA id i13sm2685162qtr.43.2021.06.14.12.16.29 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 14 Jun 2021 12:16:30 -0700 (PDT) Message-ID: Content-Type: multipart/alternative; boundary="Apple-Mail=_B186D133-6AD6-4E66-A8E5-7225AE846266" Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.7\)) Date: Mon, 14 Jun 2021 15:16:27 -0400 In-Reply-To: Cc: PHP internals To: Craig Francis References: <5630B850-23F4-4734-B916-D9E181B491AC@newclarity.net> <429945ed-c328-e3b0-796f-62d7bc1bfe18@processus.org> X-Mailer: Apple Mail (2.3608.120.23.2.7) Subject: Re: [PHP-DEV] [RFC] is_literal From: mike@newclarity.net (Mike Schinkel) --Apple-Mail=_B186D133-6AD6-4E66-A8E5-7225AE846266 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Craig, > On Jun 14, 2021, at 5:36 AM, Craig Francis = wrote: >=20 > On Mon, 14 Jun 2021 at 09:07, Pierre wrote: >=20 >> Le 14/06/2021 =C3=A0 02:41, Mike Schinkel a =C3=A9crit : >>> A big*NO* on warnings. Full stop. >>=20 >> [...] Any warning raised by the low level functions would be too >> restrictive. >=20 > Hi Pierre, I'll be talking to Mike on Zoom later today (5pm UK time), = which > you're welcome to join. Thank you for making yourself available to discuss the RFC on a Zoom = chat. It was super helpful to be able to hash out concerns without = getting into an avalanche of email, and frankly it would be great if all = future RFC authors were to do the same. I was able to better understand = your concerns, and hopefully you were better able to understand mine. Just to follow up, I wanted to re-iterate that I think it is critical = that you give users in userland an "escape valve" for when library = authors =E2=80=94 including junior developers =E2=80=94 force users to = provide a literal but the use-case makes that impossible. I think we both agreed that the most promising thing we discussed would = be if userland could create a "trusted object" using some combination of = implementing an interface and/or using an attribute such as you see in = the example below: class PostGetter implements LiteralInterface { private string $post_id; public function __construct( int $post_id ) { $this->post_id =3D intval($post_id); if ( 0 =3D=3D=3D $this->post_id ) { throw new Exception( "Sorry, your post_id is not a valid = non-zero integer." ); } } #[IsLiteral] public function __ToString() { return sprintf( "SELECT * FROM wp_post WHERE ID=3D%d", = $this->post_id ); } } // $sql accepts a literal string, or a LiteralInterface implementor=20 // having a __ToString() method with the #[IsLiteral] attribute function safe_sql_query( string|LiteralInterface $sql = ):mysqli_result|false { if ( ! is_literal( $sql ) ) { throw new Exception( "Sorry, you cannot use an non-literal = here." ); } $connection =3D mysqli_connect( ... ); return mysqli_query( $connection, $sql ); } // // Our LiteralInterface implementor in use // $pg =3D new PostGetter( $_GET['post_id'] ); $result =3D safe_sql_query( $pg ); print_r( $result ); You said you wanted to think about this approach so I am looking forward = to yours and other's thoughts on the validity of this approach.=20 Note that I mentioned that some people might have an issue with using = the __ToString() magic method and instead might want named methods = defined in an interface to be used instead. So maybe LiteralInterface = could define a method asLiteral() that the class would need to = implement. And in a future RFC maybe SqlLiteralInterface could define = asSqlLiteral(), etc. These are the obviously points to be hashed out on = the list.=20 Also note I used sprintf() in my example rather than mysqli_prepare() on = purpose because WordPress uses mysqli_query() and mysqli_query() expects = SQL as a string, not a prepared statement. I could have used = $wpdb->prepare() but then many people on the list might not be familiar = with that aspect of WordPress and safe_sql_query() is an approximation = of $wpdb->get_results() assuming $wpdb were an instance of a newer = object that checked is_literal(). As a final comment I know you mentioned that we only have two weeks to = get this RFC into the next release of PHP and that is why you are = anxious to avoid addressing how userland can create "trusted objects" = for this RFC However, I think it would be far better to address that = concern in this RFC even if that means delaying is_literal() until a = later version PHP and instead provide time to addresses this concern and = any other's concerns. -Mike P.S. Also, happy to do another Zoom call if you would like to hash any = of this out further, just email me privately. --Apple-Mail=_B186D133-6AD6-4E66-A8E5-7225AE846266--