Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:35275 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 31681 invoked by uid 1010); 7 Feb 2008 00:50:06 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 31666 invoked from network); 7 Feb 2008 00:50:06 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Feb 2008 00:50:06 -0000 Authentication-Results: pb1.pair.com smtp.mail=sam@sambarrow.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=sam@sambarrow.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain sambarrow.com from 205.234.132.11 cause and error) X-PHP-List-Original-Sender: sam@sambarrow.com X-Host-Fingerprint: 205.234.132.11 scottsdale.servershost.net Received: from [205.234.132.11] ([205.234.132.11:56276] helo=scottsdale.servershost.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id AE/C5-20044-DB55AA74 for ; Wed, 06 Feb 2008 19:50:05 -0500 Received: from 208-58-196-175.c3-0.slvr-ubr1.lnh-slvr.md.cable.rcn.com ([208.58.196.175]:50544 helo=[192.168.1.88]) by scottsdale.servershost.net with esmtpsa (SSLv3:AES256-SHA:256) (Exim 4.68) (envelope-from ) id 1JMuxp-0004vu-Cr; Wed, 06 Feb 2008 18:50:05 -0600 To: Stanislav Malyshev Cc: 'PHP Internals' In-Reply-To: <47AA5354.7020806@zend.com> References: <47AA5354.7020806@zend.com> Content-Type: text/plain Date: Wed, 06 Feb 2008 19:50:05 -0500 Message-ID: <1202345405.12780.2.camel@sams-room> Mime-Version: 1.0 X-Mailer: Evolution 2.12.1 Content-Transfer-Encoding: 7bit X-Antivirus-Scanner: Clean mail though you should still use an Antivirus X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - scottsdale.servershost.net X-AntiAbuse: Original Domain - lists.php.net X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - sambarrow.com X-Source: X-Source-Args: X-Source-Dir: Subject: Re: [PHP-DEV] _REQUEST and variable_order From: sam@sambarrow.com (Sam Barrow) On Wed, 2008-02-06 at 16:39 -0800, Stanislav Malyshev wrote: > Hi! > > This topic was already discussed here but never arrived to a conclusion, > so I will raise it again. > The Problem: > We have $_REQUEST superglobal, which is often used to abstract GET/POST > requests. However, in most cases we do not want GET/POST variables to > mean the same as cookie and environment variables. We can avoid that by > setting variables_order to 'GP' but then we lose _SERVER and _COOKIES > which still can be very much useful. We cannot also reliably use > something like 'CGP' since while it won't allow cookies to override > GET/POST we still have no way of not accepting cookie that has no > matching GET/POST. I think this should be cleaned up so that _REQUEST > behavior would conform its use case. > > The proposal(s): > 1. One way to fix it is to create a new .ini request_order that would > control just _REQUEST. > > 2. Other solution would be to keep variables_order but drop 'C' parsing > from _REQUEST - i.e. make _REQUEST never include cookies. I don't know > how many people really need cookies together with get/post in REQUEST. I like this. $_REQUEST is used by me and most PHP developers I know solely for the purpose of abstracting $_GET and $_POST. But user input never comes directly from cookies (what user fills in a login form by setting cookies?), so I don't see a point of including them. > 3. Yet another solution would be to make superglobals independent of > variables_order - i.e. _COOKIE would always exist even if > variables_order doesn't have the letter. I actually don't see any reason > having JIT to remove any of the superglobals - if you don't use them, > with JIT you don't pay for them. And with COOKIES it's not that it would > be a big cost anyway - how many cookies could you have? > Of course, it'd be more substantial change which could break some apps > relying on some quirks of current behavior. > > So, what do you think on this? > -- > Stanislav Malyshev, Zend Software Architect > stas@zend.com http://www.zend.com/ > (408)253-8829 MSN: stas@zend.com >