Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:115306
Return-Path: <craig@craigfrancis.co.uk>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 84225 invoked from network); 5 Jul 2021 17:53:25 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 5 Jul 2021 17:53:25 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 65DD41804C8
	for <internals@lists.php.net>; Mon,  5 Jul 2021 11:14:59 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no
	autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <craig@craigfrancis.co.uk>
Received: from mail-lj1-f173.google.com (mail-lj1-f173.google.com [209.85.208.173])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Mon,  5 Jul 2021 11:14:58 -0700 (PDT)
Received: by mail-lj1-f173.google.com with SMTP id p24so25716305ljj.1
        for <internals@lists.php.net>; Mon, 05 Jul 2021 11:14:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=craigfrancis.co.uk; s=default;
        h=mime-version:from:date:message-id:subject:to;
        bh=qXDh83CzjE9rFfVP9X8cpSMggSIVZ9nuC9Mqeqrg2d0=;
        b=g8w4kXIyFFHwsukTI0gf/iAZTqla9qTvbmVId5DrGdcJ0s5U5V1AbLoarML0jEejOx
         AbULbgqkWnZkqCQNyS6u/jC1abRUZMhpZb39QBWUSeRbjICffkZvRBSnJdb5mGE2z0pZ
         FHi8UXJkJ9T9Xf9DX/E2+f9OY91pdLvQfGPUo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=qXDh83CzjE9rFfVP9X8cpSMggSIVZ9nuC9Mqeqrg2d0=;
        b=LU+UMo+vPLZRMaqSmQsRFcrrmC4MjZrGLwKBoTUo0QBC4QkwqsIpGAmS1jKKP6feWs
         7UO0sMA0jPUBJeiYdQackyQnbYnZk97kbMjaGZ4lYQTHwbn/+Rfqie8+kjYDuVyAYuEg
         P6EKSls2OHlRO0vp3meL0FxNX/saL8kSnNmiYZbAUCEK0Sl1TJMAHUfL3qmdKbt7aJZV
         uEYNpQJLt3auY6bK/XM0Q0ohO1xQUyQD8HMjd85IBaNbjhdBHq6WPAMYLCkAjmx+qwDf
         jHo3QoqA518HPVoFnrJ2eYKwQY3Pbjh0r+JKuvxLC3qe3nzGX097TOpYb+kGgRo64FSP
         kSyw==
X-Gm-Message-State: AOAM530pXrik1oc2pouDaDZt8c21voQkk8wQEnF0Zd5o4An+vBsBfstv
	ENVuUmBzyrWdon6v2pOnr/8Yt70E/ejqxeYabYtM5n2tnpN/8sXN
X-Google-Smtp-Source: ABdhPJzDaskqrQqviWfcwvHtOcVz4cWR7qP4qGuwcp/VEd6IKOOkatMGzDoy6mabm0PzhZy2vz1LBK6W+iP1iWV4jJE=
X-Received: by 2002:a2e:a4ad:: with SMTP id g13mr12259369ljm.279.1625508896437;
 Mon, 05 Jul 2021 11:14:56 -0700 (PDT)
MIME-Version: 1.0
Date: Mon, 5 Jul 2021 19:14:45 +0100
Message-ID: <CAFv4g+HRHrvCOTgpbVfCXj06De1kL+1+RwnGgq6tcyLNAtLfQA@mail.gmail.com>
To: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="0000000000005a0aae05c6644820"
Subject: [PHP-DEV] [RFC] [VOTE] is_literal
From: craig@craigfrancis.co.uk (Craig Francis)

--0000000000005a0aae05c6644820
Content-Type: text/plain; charset="UTF-8"

Hi Internals,

I have opened voting on https://wiki.php.net/rfc/is_literal for the
is-literal function.

The vote closes 2021-07-19

The proposal is to add the function is_literal(), a simple way to identify
if a string was written by a developer, removing the risk of a variable
containing an Injection Vulnerability.

This implementation is for literal strings ONLY (after discussion over
allowing integers) and, thanks to the amazing work of Joe Watkins, now
works fully with compiler optimisations, interned strings etc.

Craig

--0000000000005a0aae05c6644820--