Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:121434
Return-Path: <larry@garfieldtech.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 87944 invoked from network); 19 Oct 2023 14:52:53 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 19 Oct 2023 14:52:53 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id C7583180538
	for <internals@lists.php.net>; Thu, 19 Oct 2023 07:52:52 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
	RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_NONE,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS29838 64.147.123.0/24
X-Spam-Virus: No
X-Envelope-From: <larry@garfieldtech.com>
Received: from wout1-smtp.messagingengine.com (wout1-smtp.messagingengine.com [64.147.123.24])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu, 19 Oct 2023 07:52:52 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
	by mailout.west.internal (Postfix) with ESMTP id 0C31A3200A6F
	for <internals@lists.php.net>; Thu, 19 Oct 2023 10:52:49 -0400 (EDT)
Received: from imap50 ([10.202.2.100])
  by compute1.internal (MEProxy); Thu, 19 Oct 2023 10:52:50 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	garfieldtech.com; h=cc:content-type:content-type:date:date:from
	:from:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:sender:subject:subject:to:to; s=fm3; t=1697727169; x=
	1697813569; bh=Ri8QdMj8Utl4h3AvHij6rDcFrzblKus6FfAmpQ+6sz8=; b=l
	w2E2Jmw5hgnLyT0WSqflU4puDZeyX14gPxLENrFaAoox4OWtUKIklOg3YtlIcLNH
	ggf2x/OzbXwmWNd+k3P8f6G8OWhKqeFzSoYZOkkVGLw0+/v6OgGSh8J5D6Nnruhg
	HSxIZR1PXEGYQ/C21nyvQ21hh7UYAKcggWrmWQ0AGzmQWpChI89IkmahK7QdRb0k
	grTLivWTDoVupFPOOe9iXY2QvuCmdXwUSvgCtASCGzlbO446Lkd9B8wwTc51mQdA
	zX8MvuLlMXARSJPa4Zg+oFf6g2/GL2DwDClZQzio1+Ed9LPjyCn/fnG7oBgKfFC6
	cy7lxJFC6qK52qKa9TaMQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:sender:subject
	:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
	:x-sasl-enc; s=fm3; t=1697727169; x=1697813569; bh=Ri8QdMj8Utl4h
	3AvHij6rDcFrzblKus6FfAmpQ+6sz8=; b=Smt27+iId6Kie87EmQOT8+0li0AYX
	RKut9qquDO27zBYRTd6Upt0jnTh8+U0hfk/+TAyh4dO7QXswCHERD2WTDx5f9V2R
	x6zO/6B2/EmA8B8JG59IPwMYucrmCbY4ZQohNIVhVZr9JKT868SnWEc9IoTaEVss
	S/W6GSQOgypDPztWlkXRA+JPDWqKUGxgmxsMgqKsaM1EEN45ol2ZVxVr2G322WDi
	WbaD+vLOUch6OsvIGOKnOtL82bYvmMAkKsrdZgmquZMTkmh24HZc7cDwFfJ8LzS9
	THcNICkMW4Owo+1MIjI/plf330KdAHdaJ51XikYI8Nm8jpgrmzmi1QXwA==
X-ME-Sender: <xms:wUIxZQoDwCJesl7q6OIxV_BnQWRwJLqLA8z0TWeqt4bZ7nG-z5wK3g>
    <xme:wUIxZWpjqg-MjYFIRFD8WmPcZu6HHZ1IaPSIqy5IhX-aqA3ui2BVLceVzP-mF9axw
    PRq2BBC677VtA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvkedrjeeigdekudcutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
    fjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfnfgrrhhr
    hicuifgrrhhfihgvlhgufdcuoehlrghrrhihsehgrghrfhhivghlughtvggthhdrtghomh
    eqnecuggftrfgrthhtvghrnhepgeelgfekudeivddvteffueejffdthfejieevhefgffek
    udevkedtvdelvddvffefnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg
    hilhhfrhhomheplhgrrhhrhiesghgrrhhfihgvlhguthgvtghhrdgtohhm
X-ME-Proxy: <xmx:wUIxZVPo9UkPzsXSEkt20HT5EVWxqt2FPMrwjffxovq87sGqR6UhgQ>
    <xmx:wUIxZX7p1dfBqlC4QRaanaXRzD_latfpmAY3XvvyF504pvGndGTuGQ>
    <xmx:wUIxZf5iR9ZCz4do7vfZ328l6g_X634RHruBKtsqpRCSdCzJqeNRyw>
    <xmx:wUIxZSLurnXneP3U4I0_WCd7DFzyBGiXfAsUKQeAqlJYPU_27haHcg>
Feedback-ID: i8414410d:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501)
	id 3CF321700089; Thu, 19 Oct 2023 10:52:49 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.9.0-alpha0-1019-ged83ad8595-fm-20231002.001-ged83ad85
MIME-Version: 1.0
Message-ID: <830f0ff5-f88c-42cd-9224-83b4f9dfdb25@app.fastmail.com>
In-Reply-To: 
 <CAPyj-LBvaJi3AMvLfvs4Occ6y5qwyQOq7x+Wdd3y42FgEqdQUQ@mail.gmail.com>
References: 
 <CAPyj-LD0EDYUZSOM=P9doSZRJ8LipSKKUSBHxV-bRbCV1QsYtQ@mail.gmail.com>
 <CAPyj-LD5=SDXmP5EhR-hfL-FreXXey-CGGoHcqEYq1z44YKRbA@mail.gmail.com>
 <4daf6b2a-94dc-4d37-bb4d-512bba5f726b@app.fastmail.com>
 <CAPyj-LBvaJi3AMvLfvs4Occ6y5qwyQOq7x+Wdd3y42FgEqdQUQ@mail.gmail.com>
Date: Thu, 19 Oct 2023 14:52:27 +0000
To: "php internals" <internals@lists.php.net>
Content-Type: text/plain
Subject: Re: [PHP-DEV] Re: [RFC][Under discussion] RFC1867 for non-POST HTTP verbs
From: larry@garfieldtech.com ("Larry Garfield")

On Thu, Oct 19, 2023, at 11:26 AM, Ilija Tovilo wrote:

>> 2. Lots of request bodies are not forms these days; they're frequently JSON or GraphQL.  This function would be useless in those cases; that's fine, but should the name then suggest that it's for form data only?  request_parse_form() or similar?  I'm just concerned about misleading people into thinking it can parse their JSON bodies, when that's not a thing.  (Unless we wanted to provide some kind of callback mechanism, which is probably overkill here.)
>
> request_parse_body() is indeed not aimed at other content types as-is.
> A generic name would allow extending the function to support other
> content types in the future, although it's currently unclear whether
> that's desirable. E.g. for JSON, people might be confused why there's
> a file index in the returned array that is always empty.

Is extending it to other mime types in the future the intent?  That's not mentioned in future scope, IIRC.  That would be an interesting conversation to have, though probably a distraction from the current scope.

>> 3. For an unsupported mime type, I'd recommend a more specific exception than InvalidArgumentException.  Give that a custom sub-class that tracks what the actual mime type was that the request had and it rejected.
>
> A custom exception class sounds reasonable. The mime-type is contained
> in the exception message.

This is a pet peeve of mine in exception design.  With a common exception, the catching code can do *nothing* other than log the message wholesale.  It doesn't have any context beyond the exception type, which is often insufficient.  I've had cases where I needed to sscanf() a PHP exception message in order to get the data out of it that i needed in order to handle it correctly.  That's... just kinda gross.

Now that we have readonly properties, any variable part of the message really should be exposed as either a readonly property of the exception, or via a method.  One or the other, but it's inadequate to only provide that information in a pre-formatted string that requires fugly parsing.

>> 4. I don't quite grok the "input" section.  So if I don't disable the automatic parsing, does that mean request_parse_body() will always fail?  Or will it still work, but just be more memory-wasteful?  That's not clear to me; I'd prefer if it works but is just memory-wasteful, personally, as that would be more portable for projects that want to use it.
>
> Whether request_parse_body() can work repeatedly depends on whether
> the input has been buffered. application/x-www-form-urlencoded is
> buffered and as such works multiple times. multipart/form-data *can*
> be buffered if done manually by opening php://input and reading the
> whole input before calling request_parse_body(). Yes, for post this
> means one needs to disable enable_post_data_reading.

Please clarify that explicitly in the RFC, so hopefully we remember to document that very very clearly when the docs are updated later.

--Larry Garfield