Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:116761 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 18772 invoked from network); 2 Jan 2022 13:06:26 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 2 Jan 2022 13:06:26 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id CC3D41804D4 for ; Sun, 2 Jan 2022 06:13:06 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,MISSING_HEADERS, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-lj1-f181.google.com (mail-lj1-f181.google.com [209.85.208.181]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 2 Jan 2022 06:13:03 -0800 (PST) Received: by mail-lj1-f181.google.com with SMTP id h21so40212548ljh.3 for ; Sun, 02 Jan 2022 06:13:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fyberstudios-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:cc; bh=YehpTPphKEDdUwXsGhy7vRR5O6Gpy73GpDAcil/F7ZU=; b=ZFoYUcT6BMGdZKkL2BOXefMyKrtqGX6ZUof7+PrPtMrG1H4zjA5reBNQgvEc/3/9fP fJ/z1F/sMO9f2lDofB3Ltamv9Ld3LoajMKFeBhr5QmkJMa4SvxVMSPXDcvutRNskbpiy 2BlJsv3JgyjWBfuH50HukN+M0xyhAyIt4zFIJ+AFb9p62d8GXlr6MGwvYkHW0aLqSjk/ msGI2QMc2ORY0wjvXgI4T/31RS5htiqa3bcbQY1jgw2KllK3wVVmZJ9d/3/ANekWShPz LzCfDIv1FwEDcV5ir7FfrUPmXLLJGJqUdyENBL9aqUVvbckd9yOxgEqwTe+QycEvgQEn 7vaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:cc; bh=YehpTPphKEDdUwXsGhy7vRR5O6Gpy73GpDAcil/F7ZU=; b=p07iKCMBCmegOrxXWvKmgCPPihh/R7CWToy1y+67Pd2lpXI/VRoFvpLTAooqbabKDj Sm/9NrUbGgoHeRdIdbmujAObvTAt6BGU36B0r0n3mwuh+755CCUcjHrWAxpI1PeNEvkt GS4mb84VpDcecdK26CvXT52Xxx+AModRMCAW+kX9/CVVroshAOTuQqZh4zOyQSLTfdmp W8fEIJeWu7pW2f0iChS+wWSk/Ksi3DdfpxQT6QGyHzwFDJpAlpNODYhSjfir73unypp0 NYss0x9UFj2KZTdpBIbAkd1xK5fYXHPB5BZT4q9DYG9dAM1lF6NyOTZBNcJ+3aUHnOhA EVkA== X-Gm-Message-State: AOAM530GFsGcmOTVJhplnkyYYGW/2NLjEIdDWiZIHPx9zBvM3YJTvt1Z ubIV5t9h6tSM61X1Dw1PdkpNdWi0vQhlyTJMH+w+ciac38Q= X-Google-Smtp-Source: ABdhPJwG/YrqqEotzQ7kIGaJfMasUVFPI7mTVGpiLFb60unKzccHNZVw+hdrrqSK0+wO3WAs416P4d8D8U559xSdEOU= X-Received: by 2002:a05:651c:1246:: with SMTP id h6mr21651926ljh.300.1641132780220; Sun, 02 Jan 2022 06:13:00 -0800 (PST) MIME-Version: 1.0 References: <1640910093.890171965@f721.i.mail.ru> In-Reply-To: Date: Sun, 2 Jan 2022 08:12:49 -0600 Message-ID: Cc: PHP Internals Content-Type: multipart/alternative; boundary="00000000000064f6f105d49a00f6" Subject: Re: [PHP-DEV] RFC: Stop to automatically cast numeric-string to int when using them as array-key From: nwallace@fyberstudios.com (Nick Wallace) --00000000000064f6f105d49a00f6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I've sent a few emails to unsubscribe. Please remove me from this list. I'm tired of these fucking emails about a dead language On Sat, Jan 1, 2022, 8:41 AM Rowan Tommins wrote: > On 31/12/2021 00:21, Kirill Nesmeyanov wrote: > > I support this behavior fix because in its current form, due to a > similar problem (almost?), all PSR-7 implementations contain bugs that > violate RFC7230 (section 3.2: > https://datatracker.ietf.org/doc/html/rfc7230#section-3.2 ). Thus, > physically, by the standard, all headers can have the name "0" (like =C2= =AB0: > value=C2=BB), but when stored inside implementations, it is converted to = a > string and a problem arises ($message->getHeaders() // > returns array instead of array). > > > You appear to be technically correct - the RFC defines a header name > only as "token", which implies the following would all be valid HTTP > headers: > > 42: The Answer > !: Bang > ^_^: Surprised > > In practice, it would be a bad idea to use any of these. > > Every single one of the field names registered with IANA [1] starts with > a letter, and proceeds with only letters, digits, and hyphen ('-'). [The > exception is "*", listed there as "reserved" to specifically prevent its > use conflicting with the wild-card value in "Vary" lists.] > > I'm actually surprised this definition hasn't been updated with > interoperability advice in recent revisions of the standard. I did find > this general advice for internet message headers in RFC 3864 [2]: > > > Thus, for maximum flexibility, header field names SHOULD further be > > restricted to just letters, digits, hyphen ('-') and underscore ('_') > > characters, with the first character being a letter or underscore. > > The additional restriction on underscore ('_') in HTTP arises from CGI, > which maps headers to environment variables. For instance, Apache httpd > silently drops headers with anything other than letters, digits, and > hyphen [3] to avoid security issues caused by environment manipulation. > > If I was developing a PSR-7 or similar library, I would be inclined to > drop any header composed only of digits, and issue a diagnostic warning, > so that it wouldn't escalate to a type error later. It certainly doesn't > seem reasonable to change the entire language to work around that > inconvenience. > > [1] https://www.iana.org/assignments/http-fields/http-fields.xhtml > [2] https://datatracker.ietf.org/doc/html/rfc3864#section-4.1 > [3] https://httpd.apache.org/docs/trunk/env.html#setting > > Regards, > > -- > Rowan Tommins > [IMSoP] > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > > --00000000000064f6f105d49a00f6--