Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:115052
Return-Path: <pierre.php@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 78452 invoked from network); 23 Jun 2021 07:07:44 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 23 Jun 2021 07:07:44 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 450081804C9
	for <internals@lists.php.net>; Wed, 23 Jun 2021 00:26:11 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <pierre.php@gmail.com>
Received: from mail-oo1-f41.google.com (mail-oo1-f41.google.com [209.85.161.41])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed, 23 Jun 2021 00:26:10 -0700 (PDT)
Received: by mail-oo1-f41.google.com with SMTP id n20-20020a4abd140000b029024b43f59314so503949oop.9
        for <internals@lists.php.net>; Wed, 23 Jun 2021 00:26:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=q/m5G2QdhcTYbkPlOem//yWbUark1P+sLGf7ZfTAwhw=;
        b=DsrPBim6W47QdgoPK584sX77CeGUop/rXeq5Fi1MNOM5aVwqu2gySXbEiNNGJiWx9T
         3XiEBnDBOgerE3ZsZ+UuXE9tp6gNd2G+EPgAyIoCUvRCu4YjA77Dpwu7Vj/NkSUTMvwH
         PN6XYVksSb1WzeEtX4bDdoeSnTNOeJgY6i38v0MMOf037zkAMNUOmrh1lwnUlhPU19zJ
         M9RT3XPX2vX6Ckrb7XAWSBluysbf+Z8ZJTZnwO8m4mmR0h0rItYbB9cpcPU3Nx87H/ZV
         ekRQ0APmXKs9JMQYB7hI5e8zxkGOrtGX+EgDY+wSm5ued6xRYtvsPNlPMuE1vPacFBs8
         77mw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=q/m5G2QdhcTYbkPlOem//yWbUark1P+sLGf7ZfTAwhw=;
        b=lqc1pFOYIvFh4JL2i71yReHupXyyqFS+2WzmOUDSqgy25+f7qdkMh6P0nUPkKIMGm+
         rQ4I0ICRxhYc2tS9en+1xyQPRCQS50KCfXmRIm4cSM/IvpV1mKfH/wb3hdciPAOfdUnj
         K0DJlJ2ESmxQgW9UBm8G5qMxpMBwVyeC1cyYzZ9uPP4aO9XPQt/VqCV0DkDfmMawQPdg
         GHdOIRhaGI7Zjl6GdQPe5/6+PP2Vy2KhLS3nV4RjrATdrJaVX52YLRN/o7rZCv9aTcmz
         kXp/pRYJbHTZ0h9F6Nz7SAsJShlIGX4DgYB0n5IC0bS1hJhjNrVl1sUbnWODafmPazz7
         3HcQ==
X-Gm-Message-State: AOAM532w/lE9wqwqkkoQtjAsKByHhV0gNN35jSDE2YskX4GOB2ogbrqc
	RgbFPRYUvUcXbg967vLy38YdIhJUhIY5yyuWwtY=
X-Google-Smtp-Source: ABdhPJzuOQqML/dIbbOsrwWGFBVlyXqtOUSMZvwPoGTHszowakDmWSWtGkN3PFHT/DvIjMuqxjyZJT46vsF8FP0lIJ8=
X-Received: by 2002:a05:6820:23c:: with SMTP id j28mr6841127oob.88.1624433170093;
 Wed, 23 Jun 2021 00:26:10 -0700 (PDT)
MIME-Version: 1.0
References: <CAFv4g+GjXqiZkA2fawt7jHDtDAKjB0rv=Lfbcobu7bn8B=wvpw@mail.gmail.com>
In-Reply-To: <CAFv4g+GjXqiZkA2fawt7jHDtDAKjB0rv=Lfbcobu7bn8B=wvpw@mail.gmail.com>
Date: Wed, 23 Jun 2021 14:25:59 +0700
Message-ID: <CAEZPtU5SW438T-RwrtJbypfHaWHV22NDppbr8_u2ntrn8=8g_Q@mail.gmail.com>
To: Craig Francis <craig@craigfrancis.co.uk>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] [RFC] is_trusted - was is_literal
From: pierre.php@gmail.com (Pierre Joye)

Hello Craig,

Very well written RFC, good job!

Others have said it already, but here are my thoughts. Many moons ago,
I was on this way as well and the filter extension came out. As it
fits for some projects, the actual gains were very far, to say the
least, from what I would have expected.

Since quite some time, and that thinking is intensified with the
support of native annotation, is that such a thing does not fit into
the core language(s). It will never be "trustable" 100%, which defeats
its main purpose or existance.

The large majority of apps or frameworks out there provide their own
interface to deal with external data input. Advanced ones like Symfony
can provide you an Entity where a parameter is the ID of that entity,
handling all safety checks. Others will provide a Request
implementation with getters as specific types, etc. This allows it to
be tightly linked to the actual usage or logic. It is impossible to
even agree on such an interface in the core.

As well intended as it looks, I think input data filtering is better
implemented in userland. And we may keep ourselves from reintroducing
trusted or safe mode, no matter where. I hope I don't sound too
negative, I am really convinced this is a bad idea and introducing it
again in 8.x will hunt the core for a decade to  come. :)

Best,

On Tue, Jun 22, 2021 at 3:25 AM Craig Francis <craig@craigfrancis.co.uk> wr=
ote:
>
> On Sat, 12 Jun 2021 at 18:00, Craig Francis <craig@craigfrancis.co.uk>
> wrote:
>
> > I'd like to start the discussion on the is_literal() RFC:
> > https://wiki.php.net/rfc/is_literal
> >
>
>
> To recap,
>
> - We have chosen the name is_trusted(), based 18 votes for, vs 3 against.
>
> - Integers are now included, which will help adoption:
>
> https://wiki.php.net/rfc/is_literal
>
> (Joe=E2=80=99s currently updating the implementation to have the new name=
, but all
> the functionality is there).
>
> I=E2=80=99m glad this RFC has been well received; and thank you for all t=
he
> feedback, I really think it=E2=80=98s benefitting the implementation.
>
> Craig



--=20
Pierre

@pierrejoye | http://www.libgd.org