Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:115065 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 40841 invoked from network); 23 Jun 2021 14:22:10 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 23 Jun 2021 14:22:10 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id BB3051804E3 for ; Wed, 23 Jun 2021 07:40:42 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: **** X-Spam-Status: No, score=4.0 required=5.0 tests=BAYES_00, GUARANTEED_100_PERCENT,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com [209.85.208.176]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Wed, 23 Jun 2021 07:40:42 -0700 (PDT) Received: by mail-lj1-f176.google.com with SMTP id z22so3298487ljh.8 for ; Wed, 23 Jun 2021 07:40:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QYFomW0e5dw5/Opjr+YG1sJXch6wWlmTKD1WQ690XbI=; b=af/YF0RTZSleC2luHqj0LJKGr5tgMdRnP10m3EQCtmtNBnQICAo8e4QJHk5wR62Xt6 aNZvaoaQMMwXNnl1x8LOtzSM5Zqr7k4w/pGzepZqztK8wZPki1Dx7/UFkJuyPqZ8xYiY vr2n8wdsXKhM9dBNvEI09h1klrzJ41HtmUrJrTVsvHvGJp+bzbVrtD3kSM4WaQEc3ZPK hFyytoTdfcNCaFzgNaZmoG1bCkGILqfNUlPu67KW0Tm9W2bAyqVbMlTTUSM6XwqyxeOV XU4doQZdrnQYx6CNpkwEw5HMJVge6J6Rk+DJSksqU7JC+EaIycKTsoQaCE4cyP3Kfzyp TsBQ== X-Gm-Message-State: AOAM530FjWWs4YoTiy8mGsL26HtLIIyiJ9PPNq7yB8sw1fwaJIF6tCEJ dX02Njn/sLmvQHYrxlxZNuZvfFI68wSdN6oiVsd98g== X-Google-Smtp-Source: ABdhPJx8h128RoYbZbNdNCc0SqwJpu2CICUoHzA9ziAgyHCkd1mA9dPvrwW4OuNf+n/VJjhmaatdYPV6v3+rAvQUVvg= X-Received: by 2002:a2e:824c:: with SMTP id j12mr29700ljh.360.1624459240829; Wed, 23 Jun 2021 07:40:40 -0700 (PDT) MIME-Version: 1.0 References: <0CD1762E-6094-4DEB-B1B5-22CFBDAAFF44@php.net> In-Reply-To: Date: Wed, 23 Jun 2021 09:40:29 -0500 Message-ID: To: Craig Francis Cc: Benjamin Morel , Derick Rethans , PHP Internals , Yasuo Ohgaki Content-Type: multipart/alternative; boundary="00000000000000a02705c56fe486" Subject: Re: [PHP-DEV] [RFC] is_trusted - was is_literal From: pollita@php.net (Sara Golemon) --00000000000000a02705c56fe486 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Resending this, because the mail daemon sent it back as spam, and we shouldn't be running our own mail server any more than we should have been running our own git server. Seriously. What about this looks spammy, I ask you? On Wed, Jun 23, 2021 at 9:36 AM Sara Golemon wrote: > On Mon, Jun 21, 2021 at 6:29 PM Craig Francis > wrote: > > On Tue, 22 Jun 2021 at 12:18 am, Benjamin Morel < > benjamin.morel@gmail.com> wrote: > > > On Tue, 22 Jun 2021 at 01:06, Derick Rethans wrote: > > >> On 21 June 2021 23:37:56 BST, Yasuo Ohgaki > wrote: > > >> > > > >> >The name "is_trusted" is misleading. > > >> >Literal is nothing but literal. > > >> > > >> I agree with this. The name is_trusted is going to be the same namin= g > > >> mistake as "safe mode" was. Developers will put their trust in it > that it > > >> is 100% guaranteed safe. > > > > > > > > > FWIW, agreed, too. Trusted is vague and may imply some false sense of > > > security. Literal is literally what it says on the tin. > > > > > > > Yasuo's contrived "faking it" eval example aside, I 100% agree with > Derick, Benjamin, Levi, > and everyone saying that `is_trusted` is quite possibly the worst name > that could be > chosen for this. ((Okay, they didn't say that, but I am)) > > Why not call it `is_safe` and really embrace the bad idea that was > safe_mode properly. > No. Nope. Hard no. > > > I can follow up properly tomorrow, but by popular request we do support > > integers as well (could be seen as stretching the definition of > =E2=80=9Cliteral=E2=80=9D a > > bit). > > > > Is a hard coded integer not a literal value? > Nothing about the name 'literal' speaks to type, only to provenance. > > > Then someone said they wanted to check if an integer was a literal too = - > > but because of technical limitations, it now allows any integer, > > regardless of where it came from, to be treated as a literal. > > > > Oooooh, I missed this. Yeah. No. > If the provenance of an integer is unknown then it is neither literal nor > trusted. > It's a grenade and precisely the kind of thing that breaks any attempt at > safety. > Why can this not be tracked? Is there no space in the zval to track > IS_LITERAL > as a flag rather than (and I'm making guesses about the current > implementation here) > storing it off the zend_string? As a zval flag, it becomes theoretically > applicable > to any type (though for obvious reasons resources and objects have a hard > time > demonstrating literality). > > > That said, I=E2=80=99m really glad that the only issue we seem to have = is the > name. > > > > As I've said off-list more than once, I'm not a fan of this feature in > general as > it provides a false sense of security, so no... the name is not the only > issue. > Using a loaded word like 'trusted' just makes the false-security > implication worse. > > Take all that as you will because I'm probably still -1 on the feature > overall > regardless of the name, so my opinion on the name probably doesn't matter > in that respect, but for me at least, it turns my probable -1 into a > definite -1. > > -Sara > --00000000000000a02705c56fe486--