Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:118730
Return-Path: <davidgebler@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 47785 invoked from network); 3 Oct 2022 00:18:40 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 3 Oct 2022 00:18:40 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 602331804AC
	for <internals@lists.php.net>; Sun,  2 Oct 2022 17:18:38 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <davidgebler@gmail.com>
Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sun,  2 Oct 2022 17:18:37 -0700 (PDT)
Received: by mail-wm1-f53.google.com with SMTP id o5so6079386wms.1
        for <internals@lists.php.net>; Sun, 02 Oct 2022 17:18:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date;
        bh=ebA0RjoaUkHrOXyxW8FIc6v53VlDEh0cmT3UyrnFvPE=;
        b=NXK2tqc979GLOTReBlQno6jVmhMD6z7iYYz0pg/XQRxKVHuLXsCZvdHeumv5i3n6Mq
         7fmnjlCGK4nX2FYg3uPdZiZ1Rs0XTWjOI+BOpfQ6xJhtPq7TjATr2+t/KF00i3Bsg/bv
         vEmM7ZVRuo9w8dZtVADh14h7EQu50lKUkRJVjUJxwGvW6AiTbNhyGR7wEckoCIw+ligg
         aQr4YGoMtbc6ZcknCpLDkhPq1y6A/DXcWBxdvC5sNOiiT6HVqJwKsQc9gCh6mGkzRgU0
         2JkDDI2l7+zfPORL28kS9b9tq7JaFlWb+ayekrdLEldfySrpkZa8n2cBixPLM7Xp2CCX
         /iYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date;
        bh=ebA0RjoaUkHrOXyxW8FIc6v53VlDEh0cmT3UyrnFvPE=;
        b=XyEJa64DXhzAJkTP3dUWFXgBZ8Q8D6c8jO8KWtNmh9zdz6h7CRj0jI2lhbc3wK+XA5
         GMMQVy9bOGD/qoZMSgM6Qr7d7mIsUJ8GhY398EMo4TdMC7gegmop4DDjqL3HKw2O+UjM
         VYG72C5AzXB/8VHkkcLXHFhRBFG+i409Coyta4gaT7L/9rHbifhGkauWWsip5/ASJ5lA
         37y4JPHVEmydggnzqjI7hk7bGkEOZWU88M5MB/TbnDr5gf1OoWCIfcCRAxZDf8CnRvq0
         2qm2FWgItS79LNh/W+oiqC0w4GK0SEDQm2sbFcIHCtBNqjPTljpHK2z7ifl0gVgRfOVX
         AccA==
X-Gm-Message-State: ACrzQf1ZmBW3NBwShCKKPU/vSSKtCb+VDn1r5/5CMPuENrcx9sk7E+PQ
	QJWt7EbhYvmS8lQloKeA6WDGPxo5gOrpaY643zVBXCCWARs=
X-Google-Smtp-Source: AMsMyM7bfE+C7Fr+wgH8iqly4LaNgmyKepULENi3jkJDOdedfKu+nA2v9mOQxmeMj0N+07jDBJ4dSGc+1keQcrb5rdk=
X-Received: by 2002:a05:600c:1da2:b0:3b4:856a:162c with SMTP id
 p34-20020a05600c1da200b003b4856a162cmr5113821wms.28.1664756316495; Sun, 02
 Oct 2022 17:18:36 -0700 (PDT)
MIME-Version: 1.0
References: <CAGBsUrdri=hXQHy5JnVhpiz51FbnqVBHjrBg9-tj8m=vzfZtzA@mail.gmail.com>
 <0cfb9a7b-1168-42ef-ae1a-bdc72210de43@app.fastmail.com>
In-Reply-To: <0cfb9a7b-1168-42ef-ae1a-bdc72210de43@app.fastmail.com>
Date: Mon, 3 Oct 2022 01:18:23 +0100
Message-ID: <CA+p1FaaDimmXXxfmGYogENvTpKp2qvyYNt4MyJT9HrehiTbXGg@mail.gmail.com>
To: Larry Garfield <larry@garfieldtech.com>
Cc: php internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="000000000000e1e21205ea164804"
Subject: Re: [PHP-DEV] Sanitize filters
From: davidgebler@gmail.com (David Gebler)

--000000000000e1e21205ea164804
Content-Type: text/plain; charset="UTF-8"

On Sun, Oct 2, 2022 at 4:10 PM Larry Garfield <larry@garfieldtech.com>
wrote:

> The filter extension has always been a stillborn mess.  Its API is an
> absolute disaster and, as you note, its functionality is unclear at best,
> misleading at worst.  Frankly it's worse than SPL.
>
> I'd be entirely on board with jettisoning the entire thing, but baring
> that, ripping out large swaths of it that are misleading suits me fine.
>
>
The whole thing is seriously grim. Looking at the documentation for
filter_var for example, look at what it says for the third parameter,
$options

>  Associative array of options or bitwise disjunction of flags. If filter
accepts options, flags can be provided in "flags" field of array. For the
"callback" filter, callable type should be passed.

At a glance, I think all the examples mentioned in this thread have better
existing alternatives already in core and could just be deprecated then
removed. But it's worth asking, is that what we're talking about here, or
is there a suggestion of replacing the filter API with a more modern,
object API?

--000000000000e1e21205ea164804--