Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27054
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 64.233.182.190 as permitted sender)
DomainKey-Status: good
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=QcKCRTSAwLeMYaL25A4wxJaJnPF85SFyBcVBGnwuImagZ50X0dguaEoxFQDaTmMFqc5WWrZkWQVR8yfGxCPgBe0pgTjhLZ3eD5HccTdbWraxEfF0HAFq1Nee1OjlPNAz4jHuJ4vSscDHJtjFlz2str7Gn3agBNm8SF1F2OlGoZs=
Message-ID: <fe05d1540612161513x2aafa290q3df4ee3372626e27@mail.gmail.com>
Date: Sun, 17 Dec 2006 00:13:33 +0100
To: "Andrei Zmievski" <andrei@gravitonic.com>
Cc: "Rasmus Lerdorf" <rasmus@lerdorf.com>, 
	"Rui Hirokawa" <rui_hirokawa@ybb.ne.jp>, 
	"PHP internals" <internals@lists.php.net>, 
	"Andi Gutmans" <andi@zend.com>, "Zeev Suraski" <zeev@zend.com>, 
	"Dmitry Stogov" <dmitry@zend.com>
In-Reply-To: <8E9680A2-042A-4C54-9E64-2522CCB9D4B9@gravitonic.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <fe05d1540612141259o28ab86c1sc21d90b6beaa0cd1@mail.gmail.com>
	 <20061216131857.5001.RUI_HIROKAWA@ybb.ne.jp>
	 <45838527.3050606@lerdorf.com>
	 <8E9680A2-042A-4C54-9E64-2522CCB9D4B9@gravitonic.com>
Subject: Re: [PHP-DEV] php6: input encoding, filter and making JIT really JIT
From: pierre.php@gmail.com (Pierre)

Hello,

On 12/16/06, Andrei Zmievski <andrei@gravitonic.com> wrote:
> Pursuant an IRC discussion with Rasmus.
>
> It seems to be that in order to do any sort of error differentiation
> we need to have a variable-level JIT decoding/filtering. It needs to
> be smart though, because we want to issue errors only on the first
> access to the variable. One way to approach this would be to decode/
> filter the $_POST['foo'] value when it's accessed and then replace
> the $_POST['foo'] with this filtered result so that the next access
> gets the value directly, without invoking the JIT mechanism.

I'm not sure it is worth the effort given the possible problems like
foreach. Is it possible to add such hooks? like catch an array element
access (auto global)?
This solution looks nice but I'm unsure about its feasibility or
complexity (over designed?).

My initial thought was to decode the GPC (env, server can use this
rule as well) with the first access, no matter if the access is only
for one index $_GET['a']) or for the complete array ($a =$_POST).

The stop unicode error mode will used during the decoding phase (see
README.UNICODE for the error mode explanation). If an error occured,
the error will will be stored and can be fetched using an extra
function, like :

array = input_decoding_error($type);

where $type is one of the GPC filter constant and the returned value
is an array with the input name/error as key/value pairs.

This approach will keep the JIT system simple while having enough
flexibility. If an error occured, it is easy to see which variable was
affected. One does not even need to check it until it is done with the
input decoding process. It will also work nicely with ext/filter, if a
validation failed due to the decoding, the error can be fetched using
this function.

How does it sound?

I also like to hear other persons ideas as they wrote the JIT part or
know better the limitation of the engine (for the element access
hook), Zeev, Andi, Dmitry? :)

--Pierre