Newsgroups: php.internals
From: info@tyrael.hu (Ferenc Kovacs)
To: Pierre Joye
Cc: Andrey Hristov, PHP Internals List
Date: Thu, 9 Dec 2010 12:34:29 +0100
Subject: Re: [PHP-DEV] Deprecating "global" + $GLOBALS, making $_REQUEST, $_GET, $_POST read-only
References: <4D00ABFE.5070403@hristov.com>

On Thu, Dec 9, 2010 at 12:15 PM, Pierre Joye wrote:

> hi,
>
> As far as I remember we discussed that already back to the php mention it>
> discussions. It was not accepted because of the little
> gains in regard to the major BC breaks.
>
> However I would prefer, as far as it is technically possible,
> deprecate their usage (notices/warnings) and promote filter usage
> instead. The filter API can also be improved to match what we can find
> in other platform (perl's cgi module for example is quite good) and
> make the input data processing even more user-friendly.
>
> Cheers,
>

yeah, to throw in something:

I like the Safe levels and the tainted support in ruby:
http://www.ruby-doc.org/docs/ProgrammingRuby/html/taint.html

and I like the idea that Inspekt provides:
http://funkatron.github.com/inspekt/

"Inspekt acts as a firewall API between user input and the rest of the application. It takes PHP superglobal arrays, encapsulates their data in an "cage" object, and destroys the original superglobal. Data can then be retrieved from the input data object using a variety of accessor methods that apply filtering, or the data can be checked against validation methods. Raw data can only be accessed via a 'getRaw()' method, forcing the developer to show clear intent."

I like the explicitness of the filtering, but I think that we should allow the developers to decide whether to use it or not.

Tyrael
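
The cage pattern quoted in the message above, as an added example that is not part of the original post and not Inspekt's code: the class `InputCage` and the methods `capture()`, `getInt()` and `getAlnum()` are hypothetical names, only `getRaw()` is taken from the quoted description, and the integer accessor uses PHP's filter extension (`filter_var`), which the quoted reply proposes promoting.

```php
<?php
declare(strict_types=1);

// Hypothetical minimal cage, not Inspekt's implementation.
final class InputCage
{
    private array $data;

    private function __construct(array $data)
    {
        $this->data = $data;
    }

    // Copy the input array, then empty the original (passed by reference) so
    // later code cannot bypass the cage by reading the superglobal directly.
    public static function capture(array &$source): self
    {
        $cage = new self($source);
        $source = [];
        return $cage;
    }

    // Validated integer, or null when the key is missing or not an integer.
    public function getInt(string $key): ?int
    {
        $value = filter_var($this->data[$key] ?? null, FILTER_VALIDATE_INT);
        return $value === false ? null : $value;
    }

    // Letters and digits only, or null; rejects arrays and empty strings.
    public function getAlnum(string $key): ?string
    {
        $value = $this->data[$key] ?? null;
        return is_string($value) && preg_match('/\A[A-Za-z0-9]+\z/', $value) === 1 ? $value : null;
    }

    // Unfiltered value; the method name makes raw access an explicit choice.
    public function getRaw(string $key)
    {
        return $this->data[$key] ?? null;
    }
}

// Constructed sample input standing in for a real query string.
$_GET = ['id' => '42', 'page' => '1 OR 1=1', 'user' => 'tyrael', 'q' => '<b>hi</b>'];
$get = InputCage::capture($_GET);

var_dump($get->getInt('id'), $get->getInt('page'), $get->getAlnum('user'));
var_dump($get->getAlnum('q'), $get->getRaw('q'), $_GET);
```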