Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:117394 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 39137 invoked from network); 22 Mar 2022 08:14:25 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 22 Mar 2022 08:14:25 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id E73D6180381 for ; Tue, 22 Mar 2022 02:40:51 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-vk1-f171.google.com (mail-vk1-f171.google.com [209.85.221.171]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 22 Mar 2022 02:40:51 -0700 (PDT) Received: by mail-vk1-f171.google.com with SMTP id w128so9266326vkd.3 for ; Tue, 22 Mar 2022 02:40:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HEoiwaWe3Cr3Q+oqib0j8VIbINKGAlGTXnpr+nvfd7g=; b=KjUOl43y9tTTbqUHN9x3gjQQJl3PycNYyUfsx96HX0pANBGo+/qc67af4gss7CU1V0 0ixnTe1PsY5phmN/p1bDKWzO8mvPxFITKmQch7fuvxT9G4PE4LTjZpqgs39s2RkT20br 84Ajyj+cLczG/xXWGSk/+K54alFQ18pnDImjj4AZ3AcXXB8jYb1fWrwZuBmbWT2FayQa 3YnYEiCl2V2dWB/gvysnvogf0tKaDxc0IDfY+zXKIHAvtcz5F+vMRGzsM0CBy/XQ/GQq a1mhSLvDiDqK8L/EkSKjZLf9EX1nwkD56KWwFEuAjYE7uK5ZX+HYqiWIi2J646FRkklN ZClw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HEoiwaWe3Cr3Q+oqib0j8VIbINKGAlGTXnpr+nvfd7g=; b=AFCqMIhqYE63Nss72Brq5gGRkUZYg4M/rBD3XCZ7KV3W0YKdble8N8quxalbBsLubt 6mtfQw5kySOOs4MPVYOpanvFybCSoocLj4YaGTdRirr+Rp9PzsGzssGEJiRFSgcB3vfM 4IHwgBM2Kkm/3qc6rX20sZR6g0qnh5wNz2RO0nw6G8Ou3/PvmxSFAn47sE9r25WEWhUO rukEwV54WhUBHuKU9+d4g0uTvzuNu4GROWt4deaTK78DOv4TE5JUqQ/bKHihlldBiQCu Q57bwiwnEJqId4tg7IrYnEFNMJ1b3mF3ACBW4N+DiW4YnjIBJkH42k4uy4H24ud+Hhyv 7Uiw== X-Gm-Message-State: AOAM532CYRnUl1ENCTWLAbh0mDNXbLJiJHK/zsTsvYhT6B/oIUgnTIE6 nq2zlT2KEPXHL3+wEW0T8fwCw9GFRPDXSJf59sDsd1of1J8= X-Google-Smtp-Source: ABdhPJzhgrE8ko+jrXQjajEPPhIQuZsTjapjd55iHtHy/daHN8TkGsl0GjJ6s2VThMQ32qBB4OG/1QK28JRM4cXEmIs= X-Received: by 2002:a1f:b48a:0:b0:333:fd9:a4e2 with SMTP id d132-20020a1fb48a000000b003330fd9a4e2mr9273361vkf.34.1647942049862; Tue, 22 Mar 2022 02:40:49 -0700 (PDT) MIME-Version: 1.0 References: <1289b56c-e766-4889-bbb2-06abb4e63a6d@www.fastmail.com> In-Reply-To: <1289b56c-e766-4889-bbb2-06abb4e63a6d@www.fastmail.com> Date: Tue, 22 Mar 2022 10:40:39 +0100 Message-ID: To: Larry Garfield Cc: php internals Content-Type: multipart/alternative; boundary="0000000000007e17eb05dacb68a1" Subject: Re: [PHP-DEV] Discussion: String streams From: michal.brzuchalski@gmail.com (=?UTF-8?Q?Micha=C5=82_Marcin_Brzuchalski?=) --0000000000007e17eb05dacb68a1 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I don't have much to say on that besides that I feel it's a great idea and if that can be built with parametrized type streams (not limited to strings only) then I'd be even more thrilled with such functionality. Thanks for this idea and I hope it get materialized soon. Cheers, Micha=C5=82 Marcin Brzuchalski pon., 21 mar 2022 o 18:10 Larry Garfield napisa=C5=82(a): > On Mon, Mar 21, 2022, at 10:23 AM, Sara Golemon wrote: > > TL;DR - Yeah, PHP, but what if C++? Feel free to tell me I'm wrong and > > should feel bad. THIS IS ONLY IDLE MUSINGS. > > > > I was reading the arbitrary string interpolation thread (which I have > mixed > > feelings on, but am generally okay with), and it got me thinking > > about motivations for it and other ways we might address that. > > > > I spend most of my time in C++ these days and that's going to show in > this > > proposal, and the answer is probably "PHP isn't C++" and that's fine, > but I > > want you to read to the end, because XSS is perennially on my mind and > this > > might be one extra tool, maybe. > > > > PHP internal classes have the ability to handle operator overloads, and > one > > use for overloads I quite like from C++ is streaming interfaces. Imagi= ne > > the following: > > > > // Don't get hung up on the name, we're a long way from bikeshedding ye= t. > > $foo =3D (new \ostringstream) << "Your query returned " << $result->cou= nt() > > << " rows. The first row has ID: " >> $result->peekRow()['id']; > > > > At each << operator, the RHS is "shifted" into the string builder, and > the > > object instance is returned. At the end $foo, is still that object, bu= t > > when it's echoed or cast to string it becomes the entire combined strin= g. > > As implementation details, we could keep the string as a list of segmen= ts > > or materialize completely, that could also be optimized to not > materialize > > if we're in an output context since the intermediate complete string is > > unnecessary. Don't worry about this for now though. > > > > That by itself is... curious as an option, but not terribly interesting > as > > we DO have proper interpolation and it works just fine, right? > > > > The reason I'm bothering to introduce this is that we could also build > > contextual awareness into this. During instantiation we could identify > the > > context like: > > > > $forOuput =3D new \ostringstream\html << "You entered: " << > > $_POST['textarea']; > > $forURIs =3D new \stringstream\uri << BASE_URI << '?'' > > foreach ($_GET as $k =3D> $v) { > > $forURIs << $k '=3D' $v << '&'; > > } > > > > These specializations could perform automatic sanitization during the > > materialization phase, this could even be customizable: > > > > $custom =3D new \ostringstream\user( landonize(...) ); > > > > We wouldn't be giving arbitrary operator overloading to the user, only > > arbitrary sanitization. > > > > Alternatively (or in addition), the point of materialization could be > where > > we make this decision: > > > > echo $stream->html(); > > > > ------ > > > > I'd build this in userspace, but of course we don't have operator > > overloading, so the API would be a somewhat uglier function call: > > > > $stream->append("This feels ")->append(FEELING::Sad); > > > > Maybe the right answer is open the door on user-defined operator > overloads, > > but my flame retardant suit is in the shop and I don't really need to > open > > that mixed metaphor. > > > > -Sara > > What you're proposing here is: > > 1. An overloadable operator on objects (via a new magic method or > whatever) that takes one argument and returns another a new instance of t= he > same class, with the argument included in it along with whatever the > object's existing data/context is. > 2. Using that for string manipulation. > > If you spell the operator >>=3D, then point 1 is adding a monadic bind. > This has my full support. > > Using it for string manipulation is fine, although there's a bazillion > other things we can do with it that I would also very much support and ca= n > be done in user space. Whether or not it makes sense for some of these > operations to be done in C instead is up for debate. Once an arbitrary > object can have a socket, that plus monads can push most stream operation= s > to user space. > > Building a "stream wrapper" like thing, or a filter, then becomes some mi= x > of object composition and binding. > > > $s =3D new StripTagsStream(new ZlibCompress(FileStream($fileName)) >>=3D > $htmlString; > > Which... feels kinda Java clunky. It would be better if we could chain > out the wrapping levels. Which could potentially just be done in the > implementation to allow a stream on the RHS to mean that. > > public function __bind(Stream|string $s) { > if ($s instanceof Stream) { > return $s->wrapAround($this); > } > // Whatever this object does with a string. > } > > $s =3D new FileStream($fileName) >>=3D new ZlibCompress() >>=3D new > StripTagsStream() >>=3D $htmlString; > > I'm... not sure which direction we'd want them to go in. Just > spitballing. Some way to automate that pattern would likely be good. > > But yeah, a native bind operator has my support. :-) > > --Larry Garfield > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: https://www.php.net/unsub.php > > --0000000000007e17eb05dacb68a1--