Newsgroups: php.internals
Message-ID: <4B08B57E.9090409@lerdorf.com>
Date: Sat, 21 Nov 2009 19:52:30 -0800
From: rasmus@lerdorf.com (Rasmus Lerdorf)
To: Alban
CC: internals@lists.php.net
Subject: Re: [PHP-DEV] suggestion about ternary operator

Alban wrote:
> On Sat, 21 Nov 2009 10:21:18 -0800, Rasmus Lerdorf wrote:
>> The ternary isn't meant to solve the isset thing you are talking about.
>> It is simply a shortcut to normal ternary operations. The most common
>> case where you don't know if a variable is set is on the initial input
>> via $_GET or $_POST and we definitely don't want people doing:
>>
>> $var = $_GET['foo'] ?: 42;
>>
>> It would be an XSS disaster. Hence the suggestion to use input_filter
>> there, or a similar user-supplied filtering function in which case the
>> ternary, as it is currently implemented, is perfectly suitable.
>>
>> -Rasmus
>
> Sure! Developers should filter variable contents!
>
> Generally there are 3 steps for treating an incoming variable:
> 1- checking the existence of the variable.
> 2- set a default value if it does not exist or is empty.
> 3- filtering the variable content.

Or better yet, have your filter function return false if the variable
doesn't exist and use the ternary to set the default. You can do it all
in a single step then.

    $var = filter_func($_GET,'foo')?:42;

Simple and clean.

-Rasmus
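
The single-step pattern described in the message, as an added example that is not code from the thread or from PHP itself: `filter_func()` and `filter_or_default()` are hypothetical helpers built on `filter_var()` with integer validation, and the `$get` array is constructed sample input. It also covers the case where `?:` replaces a validated `0` with the default, because the operator tests truthiness rather than comparing against `false`.

```php
<?php
// Added example: filter_func() is a hypothetical helper named after the call
// in the message; its signature and integer-only validation are assumptions.
function filter_func(array $source, string $key, int $filter = FILTER_VALIDATE_INT)
{
    if (!array_key_exists($key, $source)) {
        return false;                      // missing key: let ?: pick the default
    }
    return filter_var($source[$key], $filter);   // false when validation fails
}

// Same lookup with a strict comparison, for parameters where 0 is a legitimate value.
function filter_or_default(array $source, string $key, int $default)
{
    $value = filter_func($source, $key);
    return $value === false ? $default : $value;
}

// Constructed sample input standing in for $_GET.
$get = [
    'page' => '3',
    'evil' => '<script>alert(1)</script>',
    'zero' => '0',
];

// Pattern the thread warns against: an unfiltered value falls through ?: untouched.
$unfiltered = $get['evil'] ?: 42;

$results = [
    'valid'        => filter_func($get, 'page') ?: 42,
    'missing'      => filter_func($get, 'foo')  ?: 42,
    'markup'       => filter_func($get, 'evil') ?: 42,
    // ?: tests truthiness, so a validated integer 0 is also replaced by the default.
    'zero_ternary' => filter_func($get, 'zero') ?: 42,
    'zero_strict'  => filter_or_default($get, 'zero', 42),
];

foreach ($results as $case => $value) {
    printf("%-12s => %s\n", $case, var_export($value, true));
}
// Escape at output time regardless; shown here for the unfiltered value.
printf("%-12s => %s\n", 'unfiltered', htmlspecialchars((string) $unfiltered, ENT_QUOTES, 'UTF-8'));
```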