Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:118732 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 84095 invoked from network); 3 Oct 2022 12:38:51 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 3 Oct 2022 12:38:51 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 65DCF1804BC for ; Mon, 3 Oct 2022 05:38:50 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS15169 209.85.128.0/17 X-Spam-Virus: No X-Envelope-From: Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Mon, 3 Oct 2022 05:38:49 -0700 (PDT) Received: by mail-wr1-f41.google.com with SMTP id a10so4192765wrm.12 for ; Mon, 03 Oct 2022 05:38:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:user-agent:subject:to:from:date:from:to:cc:subject:date; bh=XckIZjYA9dsDNy/ibTAHN+HD1rGyvbOZHyAlc4gLYPo=; b=PLZgb7CDfx41vP6T08uD07h74kTtqIzBjb8V3lxuZ/+dLAHJwQUxJBTFCQ6OmZd1VK fvmzC+ioAq4/GV0NujLvgbAd4mwh+7YlF59Mc4k+aFO5jU+PbjMREauxPZ1TJM+nDC7Z I2YszHmbSH6CfBozBWbB0bDnOnYQSSGyKkQqX3Aq+V5SJNfigRGz8siiZJeAAjQ3rQbT gTVBujWJW5OkFk+SG6yk9FtBkZfALyblFKBBhiRJAJm9ohr6Oh6El42y5yShPAaivHJ4 GK2VMY3wo26sib3rGmd2L766wyiFyGaH9RApWSrv0ie48mqfgu/g6G5iL+bzcZopBUwC 9F0A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:user-agent:subject:to:from:date:x-gm-message-state:from :to:cc:subject:date; bh=XckIZjYA9dsDNy/ibTAHN+HD1rGyvbOZHyAlc4gLYPo=; b=GwUCkAM76Xu1rUw8sh4ymscZVOFiHmWn+xMVzzccm+I9sIIm4rsKt2DbDX7MlCcA/j F18pXMccJSnnfoGFnI8/miuT/oIlpsk2QfdWBdTlzW/igedwaAE3fv7N2wMjGRM+S+/q NZI53rQpKTwjgYRsyVbRU14GJ+FXqJm8Dxlk6SSIoB7As0uv6/EljCg+vRD9m+ZGaqCf +6ODYaV4Zv2WyIEUxFNpMG/tbZ61inT/cgaW+t7VA/K5QwvJLEHn6MOcFtxZKKe0xglG VgMIRvmbz2ibJQ9ST+8kF2TUgDfkb8RCgW5LOddJDtK6iQk/8NQ2Bzd/sfMDelT8MLND MzvQ== X-Gm-Message-State: ACrzQf3O0uKg1bVAqx6/h9hyUNtUXLmYQ+ITRYJbKjw9Gxx7do/bf7Hp YVqJzGgAtiA23cH0y08pa8xVn1mx8lw= X-Google-Smtp-Source: AMsMyM7f9OvXwMRBDr7Vw7oLtvxCPIMo8ZMU/3ftMvzy0KLIkG74iawe5YkhRWvH4Hcp117b03SU6w== X-Received: by 2002:adf:edcc:0:b0:22e:33e0:6fa3 with SMTP id v12-20020adfedcc000000b0022e33e06fa3mr5367284wro.675.1664800728538; Mon, 03 Oct 2022 05:38:48 -0700 (PDT) Received: from [127.0.0.1] (cpc104104-brig22-2-0-cust548.3-3.cable.virginm.net. [82.10.58.37]) by smtp.gmail.com with ESMTPSA id q18-20020a056000137200b0022cc7c32309sm9743748wrz.115.2022.10.03.05.38.47 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 03 Oct 2022 05:38:47 -0700 (PDT) Date: Mon, 03 Oct 2022 13:38:44 +0100 To: internals@lists.php.net User-Agent: K-9 Mail for Android In-Reply-To: References: <0cfb9a7b-1168-42ef-ae1a-bdc72210de43@app.fastmail.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Sanitize filters From: rowan.collins@gmail.com (Rowan Tommins) On 3 October 2022 11:29:40 BST, Max Semenik wro= te: >=D0=BF=D0=BD, 3 =D0=BE=D0=BA=D1=82=2E 2022 =D0=B3=2E, 03:18 David Gebler = : > >> At a glance, I think all the examples mentioned in this thread have bet= ter >> existing alternatives already in core and could just be deprecated then >> removed=2E But it's worth asking, is that what we're talking about here= , or >> is there a suggestion of replacing the filter API with a more modern, >> object API? >> > >Is there a compelling need to have this in the core, as opposed to Compos= er >packages? The ecosystem has changed a lot since the original function was >introduced=2E Quite the opposite, in my opinion - there are compelling reasons *not* to = have this in core=2E It turns out that making a universal validation and sanitisation library i= s really hard, and breaking changes and diverging needs are pretty much gua= ranteed=2E That's pretty much the worst case for something distributed with= the language, and exactly what Composer excels at=2E The only thing that does belong in core are narrowly targeted low-level fu= nctions that someone might use to build such a library=2E Certainly not som= e huge OO monster reimplementing the whole of ext/filter and making a whole= bunch of new mistakes=2E Regards, --=20 Rowan Tommins [IMSoP]