Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:117791 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 52684 invoked from network); 26 May 2022 12:18:55 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 26 May 2022 12:18:55 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 3F085180382 for ; Thu, 26 May 2022 07:01:40 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_05,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-yw1-f181.google.com (mail-yw1-f181.google.com [209.85.128.181]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 26 May 2022 07:01:36 -0700 (PDT) Received: by mail-yw1-f181.google.com with SMTP id 00721157ae682-30007f11f88so16192737b3.7 for ; Thu, 26 May 2022 07:01:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=x1B1CHJ1hMUMw06lvfWI+hO1xH2JXGTOxX/FXoyL0JU=; b=m+GACvWT0f9rfegI5b2lJqx0NcOis8ohF3rc2n483flOkMKJb8SCxZLNsYdkTKx8F/ B7iUYPYd5ylWcodbyVgfd9RlJb03PJcr36b2qBC8XQtXUvo+yJxveSvTqJlscsAOoPba o/VfrDink7YhqEotUth3E6VO+ALtqndCGLdfzpZs/dbEmKBQV1cCjJrSaGbjbCgy/vpB FrZpNXvs95GBRd27n3rut0G5BTm6I55suuG7e+rX4G5c5IOf2JDuFmm2uJycUET1VODO uRpUUgu6ApqS6MHylnShR6lPxKeRQvVt8S6kwfSFKFtCtFOGukiAkD5Q2bZXQJQbRAIQ r55g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=x1B1CHJ1hMUMw06lvfWI+hO1xH2JXGTOxX/FXoyL0JU=; b=xpAYSEtVMzM5kBvx5dmqwh4e0PBNQAkfir/Yxirx+vsRP1jMCqrd5vfrFF4Bsag0FH pW3wX8PElYecYY5AE9A28D/ExesoaXueKpOeh8FJQ1H/U3/z1kuC2Nv4YbtRj8VSmNF9 wx3fUWx/dXmZrdAOvko+mPvK4iKce6bVP+EDeO1ZkTdbtnDPHMw2Q9uKezkN+9FYiiMJ GVOno1dfrBpXAKhLXjQMVu3mupxDf/zHI3WxWSnPSuojZ2yfa6917+onHmlj2tQbYpv9 Jy7cpn416S88UKiiW8f7s5g6RThtZVvDY5S3V44tuUX+Bjuvg3eo8jIBF+saNAYbFt51 9vsA== X-Gm-Message-State: AOAM531A7qHnFZ83mRQvWGt1+a2B/yCWfu4eEB55Qh7Tjr+tihmiN2jB 8t85NF9ufbDQNXwi+YZQ+tRmdgh2+SYcreVO/Tok72j9 X-Google-Smtp-Source: ABdhPJwDqf8KZRrrpqAGZ3Y0nXjsDpuuYzLe5/kOu75TE79FQrqRSMaMckvMtyQopPveHBUgEpEVZ50SHLa+rlAUV6Q= X-Received: by 2002:a81:ae05:0:b0:304:60:f075 with SMTP id m5-20020a81ae05000000b003040060f075mr1282550ywh.460.1653573696045; Thu, 26 May 2022 07:01:36 -0700 (PDT) MIME-Version: 1.0 References: <1755E8B5-229B-47B2-BBAF-B5E014F5473D@craigfrancis.co.uk> <1180af01-080f-ee0a-3159-74bf7e0a8aea@gmail.com> <73F563E2-7C31-4B5E-A6B9-AE1BD05ADD1C@craigfrancis.co.uk> In-Reply-To: <73F563E2-7C31-4B5E-A6B9-AE1BD05ADD1C@craigfrancis.co.uk> Date: Thu, 26 May 2022 09:01:25 -0500 Message-ID: To: Internals Content-Type: multipart/alternative; boundary="000000000000c3487605dfeaa046" Subject: Re: [PHP-DEV] NULL Coercion Consistency From: michael.babker@gmail.com (Michael Babker) --000000000000c3487605dfeaa046 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, May 26, 2022 at 7:21 AM Craig Francis wrote: > That said, I would still like to know about the benefits of rejecting NUL= L > for `htmlspecialchars()`, in the context of that Laravel Blade patch; > because, if it is beneficial (vs the BC break), they should revert that > patch... shouldn't they? > No, they should not. Laravel made an explicit choice to handle null values in its escaping function for its templating framework. That is their choice to make. They should not be forced to implicitly handle null values because the language decides to add implicit type coercion to user defined functions (because consistency seems to be so important to some), and they should not be forced to reject null values because underlying language functions reject them as well. Every implicit type coercion is a bug in hiding IMO. If something doesn=E2= =80=99t explicitly support null, you shouldn=E2=80=99t have been passing null to it= in the first place. Relying on magic language behaviors to prevent type errors is not a long term sustainable code pattern. If a function, by explicit design, can safely work with null values then that parameter should be properly declared nullable. If a function, by explicit design, does not support null values then a type error is a hugely acceptable response. Yes, that means that there is a lot of work involved for folks between now and the release of PHP 9.0 to either refactor code to avoid type errors or to get the language to expand the supported types in appropriate functions, but IMO that effort from all parties is worth it in the long run to ensure language consistency (I really don=E2=80=99t think userland PHP and internal/extension PHP should have vastly different behaviors, and type coercion support based on where a function is designed is one of those holes that needs filled) and to ensure all APIs explicitly declare what types of data they support. --=20 - Michael Please pardon any errors, this message was sent from my iPhone. --000000000000c3487605dfeaa046--