Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:128965 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by lists.php.net (Postfix) with ESMTPS id 9F56B1A00BC for ; Sat, 25 Oct 2025 13:36:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1761399422; bh=790McvIMPd3RlrmTncuzGKkLg2sx0mG0DuIryBLuohs=; h=Date:Subject:To:References:From:In-Reply-To:From; b=enQRTSAsNsUqWLJVgx4vQC98PoZOKBBvf8NYXP32jBOcmcZ2l37ppuIm11NFtN7Su iQufgyRj1CWLfbtX6+tpDvu0oSvy/aHEE58MHbEopXfzVaXgCm7UCzHqsXdI3KcBVu t6li3o3aMVLkLwefAd5AufJXRXjPYIbycEClU98BZxeIMZ1DCVUOZDnC0vMtN1cRnJ RbSrbLLP49KEpbZopPBpwGgNV4WvgeMX19OuGes952Y/wY1nFXhzCp+G4Eh+y/+LLj qH4mx9T4ee4G96skRjfaKswI5IRB1J2fgyrGxmQvOYjbqI+CIX4qGQ9AT9btZPze+0 Sgk4ONKMnq1pQ== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 6F747180039 for ; Sat, 25 Oct 2025 13:36:57 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_05,DKIM_INVALID, DKIM_SIGNED,DMARC_PASS,RCVD_IN_DNSWL_LOW,RDNS_NONE,SPF_HELO_PASS, SPF_PASS autolearn=no autolearn_force=no version=4.0.1 X-Spam-Virus: No X-Envelope-From: Received: from mout-p-201.mailbox.org (unknown [80.241.56.171]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sat, 25 Oct 2025 13:36:56 +0000 (UTC) Received: from smtp1.mailbox.org (smtp1.mailbox.org [10.196.197.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 4cv15L49S9z9t8l for ; Sat, 25 Oct 2025 15:36:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mabe.berlin; s=MBO0001; t=1761399398; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YM0+iN4OUOynctliMCMCQGoTEt8RKxTSNL7W6Y7/ldM=; b=i6mdcI4PPkVXQVx5R2Y6osLB6K/CrFh99NHl7McA/UX1qIQNw/7HnNz8ZAZi+cSMpWyJRM qFil22fJj+rWxKLaLbXmfzWYXEaliBPdcujFrhQ8noNK8UCxve+9D/BaToIqBI0+SKCh7s cJOv7nNqKyxBXQlaRSFfc4jWcCw/VEugCu5wZZN91gqtqFdeiFeZwnNbYlZVZCNnGolr5K WBLYKHrcVWL2DzeMkNjw4X7wqmKZLTyXFWXR0WB1J2lDuHofCP5d2qJVdg7rPO0a8dRpjW tfg8taFQGJzX01+xNWPRO4dn0A0/7qsoE3+xdGYS2m94/TRyOovS4ARVjrZ/zQ== Message-ID: Date: Sat, 25 Oct 2025 15:36:40 +0200 Precedence: list list-help: list-unsubscribe: list-post: List-Id: x-ms-reactions: disallow MIME-Version: 1.0 Subject: Re: [PHP-DEV] Deprecate Undefined Constant Usage in php.ini Files (GH-20060) To: internals@lists.php.net References: <2abf50cd-5738-48e0-af15-a8c010141deb@bastelstu.be> <1760945334276.4002170669.2593555531@yahoo.de> <775eb41b-7d5b-4da6-8f31-834de92b4ac8@rwec.co.uk> Content-Language: en-US In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit From: marc@mabe.berlin ("Marc B.") On 23.10.25 10:21, Tim Düsterhus wrote: > Hi > > Am 2025-10-20 20:17, schrieb Rowan Tommins [IMSoP]: >> I don't think this kind of pattern matching is the right way to go. >> It's perfectly normal in INI files to have all sorts of strings which >> aren't quoted; looking through the samples provided in the source, I >> spotted this: >> >> user_agent=PHP >> >> No regex is going to recognise that that should be interpreted as >> "PHP", not constant("PHP"). > > I agree with that. Supporting bare strings is a key feature and > randomly warning for *some* of them is going to be even more confusing > than just some of them randomly getting replaced by a different value > just because they happen to match a constant. In fact this made me > realize that `parse_ini_*()` is unsafe, because it doesn't just > support *internal* constants, but also constants defined in userland. > I have thus just proposed a new warning to be added to the > documentation: https://github.com/php/doc-en/pull/4946. > > Given that the primary purpose of the constant support seems to be the > E_* constants for `error_reporting`, it might be best to instead only > support a small allow-list of safe constants in INI files. Another possible way would be to introduce a special syntax for constants - just like we already have for environment variables. > > Best regards > Tim Düsterhus