Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:119639
Return-Path: <dev.juan.morales@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 10791 invoked from network); 1 Mar 2023 15:48:53 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 1 Mar 2023 15:48:53 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id CFE141804D7
	for <internals@lists.php.net>; Wed,  1 Mar 2023 07:48:52 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <dev.juan.morales@gmail.com>
Received: from mail-vs1-f44.google.com (mail-vs1-f44.google.com [209.85.217.44])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Wed,  1 Mar 2023 07:48:52 -0800 (PST)
Received: by mail-vs1-f44.google.com with SMTP id f13so19494475vsg.6
        for <internals@lists.php.net>; Wed, 01 Mar 2023 07:48:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112; t=1677685731;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=q3lMHKoDzFwksCa4xwXN+hF9o6F2IPS8pxKIcT9Z3C0=;
        b=pAe9WaYA+XGgNNbuRqyJWVyd81PlIhe7U0sGTP61ZOYODI1zFwGV7CNbShiDAx1MUp
         lrvPphMPyihMHXWMExvCfV5NSiTglc4vGE/hlIxet1bwWASMxMZYCHZiNxvGrUzI0t85
         anwICjoTB2Yb6DTQBEZ2vMJWahglpUY5QsKKK3aKX+CihvLn9jtD4yJ+g1JE5Nysby9X
         jribsKskbsOJP8RYq9hMEtHOHtyBeXB+cCInMRvoT324SQDXDHOi34tMjwQMdupauiBa
         dPQrMuCfEHbQfN6Fw33OKRQKpXgrZiFRsycrBMM3i9Svnw2jFC2nHSmYhy0qkncyZV8z
         rK0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1677685731;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=q3lMHKoDzFwksCa4xwXN+hF9o6F2IPS8pxKIcT9Z3C0=;
        b=W5C0TaZ4VNfU9Kg/ZfJidoiFR+8zl0vV8+G/Vo6mqz98RlJVNa6lWEVCvjBUlMaOla
         FLmdPCIJMJrShBmvlAF9wy4RMQxtsuoQG2OQNd14dtWlDPjDgtpNP8pgnck3MwxUhYW3
         ru9goSfoFLuf/imrGIw4jR5cS00NrwMy8xwnOzXpWE9IvCzBhhuMhCxLdjbbVAAtlJUc
         UOv474BG1feUVIWgjhG29ZYv5Y40PD5UYf7Xn/AvZhjTGRBn9gD+XiaGt+tjkNu/S1xY
         +lRB4oIu8fxFE+XWjgfySWYDtT40m91GilwOmJszI200NwrydCpmjt7LqoNqE/fTHEEL
         hSug==
X-Gm-Message-State: AO0yUKV/gCzckNiEP493LYaxtDBS94gNTsWQ/IDAIXsOgFAjT5/W/91l
	lezjBhRJuH56twa5jQYuta/FiXuc0Jn82y7S+hg=
X-Google-Smtp-Source: AK7set8KPGrlBUAy20XgbPrn39O8DJHwGALyePZkvQMQLqWpyRquNZeegMwy3AXrRgnkWBYxSmVqkBsRp37kz7z/96g=
X-Received: by 2002:a05:6102:184:b0:414:4ef2:b607 with SMTP id
 r4-20020a056102018400b004144ef2b607mr4369482vsq.6.1677685731518; Wed, 01 Mar
 2023 07:48:51 -0800 (PST)
MIME-Version: 1.0
References: <CANMwmbMObQJD=bBncxXcHOgs1yoBfHXsTE1KZDYcSKMxMUUrRQ@mail.gmail.com>
 <CAEKnhAE7BSrXBv-4BQCVTSemmY1Z2XMTuj5nhv85mrSytnHvqw@mail.gmail.com>
 <CANMwmbOe2SVXg=aocB+y0m-5=9x_=PGc3YQqbD9syVW8udfS6A@mail.gmail.com>
 <CAEKnhAEpnmOPS9v27LsdiFJDigNXugs8x4HpMNJRWOhYqA+QJw@mail.gmail.com>
 <CABdc3WrufL2Avx3omTDAvDNjX52L4yGSnUEoLuP5cGhZY7PpAA@mail.gmail.com> <CAEKnhAEj3SpdHuAEjJYoW0V3GGxRLmTusskkeuDQL1yJfBEFPg@mail.gmail.com>
In-Reply-To: <CAEKnhAEj3SpdHuAEjJYoW0V3GGxRLmTusskkeuDQL1yJfBEFPg@mail.gmail.com>
Date: Wed, 1 Mar 2023 12:48:40 -0300
Message-ID: <CANMwmbN937eiv9hXbst5+bYeXYDyhEDdKdMgD0bvimYRezRg6Q@mail.gmail.com>
To: Jakub Zelenka <bukka@php.net>
Cc: =?UTF-8?Q?Micha=C5=82_Marcin_Brzuchalski?= <michal.brzuchalski@gmail.com>, 
	PHP Internals List <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] RFC Idea - json_validate() validate schema
From: dev.juan.morales@gmail.com (juan carlos morales)

Excellent Jakub, amazing, happy to know all this.

Lets wait for your proposal. Good luck, make it happen!

El mi=C3=A9, 1 mar 2023 a las 10:45, Jakub Zelenka (<bukka@php.net>) escrib=
i=C3=B3:
>
> Hi,
>
> On Wed, Mar 1, 2023 at 1:36 PM Micha=C5=82 Marcin Brzuchalski <michal.brz=
uchalski@gmail.com> wrote:
>>
>> Hi Jakub
>>
>> =C5=9Br., 1 mar 2023, 14:09 u=C5=BCytkownik Jakub Zelenka <bukka@php.net=
> napisa=C5=82:
>>>
>>> >
>>> > Question ... are you planning to incorporate this by enhancing
>>> > json_validate() ???
>>> >
>>>
>>> Yes the plan is to initially enhance json_decode and json_validate that
>>> would get a new $schema argument . I plan to create a class for the
>>> actually schema as it needs to be parsed to its own representation so i=
t is
>>> convenient to have it in the object. It could be also later created fro=
m
>>> the different sources than just JSON string (e.g. assoc array / stdClas=
s or
>>> automatic generation from the class that I mentioned before) so it will=
 be
>>> better to have it in the class.
>>>
>>> Regards
>>>
>>> Jakub
>>
>>
>> Do we really need this in core? What makes it less usable as an extensio=
n?
>>
>
> The primary motivation is that this allow stopping decoding / validation =
once first invalid part is found - basically this is going to be validated =
as parsed. It means this will eliminate all currently possible DOS attacks =
on the actual JSON parsing. There are other reasons that we can discuss in =
more details once proposed like better availability for users but those are=
 just secondary reasons and sort of side effects.
>
> Regards
>
> Jakub