Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:60082
Return-Path: <nikita.ppv@googlemail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 3404 invoked from network); 17 Apr 2012 15:17:50 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 17 Apr 2012 15:17:50 -0000
Authentication-Results: pb1.pair.com header.from=nikita.ppv@googlemail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@googlemail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain googlemail.com designates 209.85.217.170 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@googlemail.com
X-Host-Fingerprint: 209.85.217.170 mail-lb0-f170.google.com  
Received: from [209.85.217.170] ([209.85.217.170:43939] helo=mail-lb0-f170.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 2B/16-03996-C998D8F4 for <internals@lists.php.net>; Tue, 17 Apr 2012 11:17:49 -0400
Received: by lbbgf7 with SMTP id gf7so4955671lbb.29
        for <internals@lists.php.net>; Tue, 17 Apr 2012 08:17:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=KlrYhVCDNVESQl6vl0R6qJUmB1yZCGE+s/iSAvOulXw=;
        b=UID9l2cAlJ2VyXqyMek/NkFyN5ivYoP/aRDpXPYNdxEgX2G/zPuB/LI52pt0jF5Qge
         t3d5IkweVMjvGf6j9vfufCDHqGZb4Xw+eq/aVJ1HgXlbG1YNqNJM7IAk/zwWj34vruNk
         RYxBQgnB8eNg3ns5GE7eFLjMdU43CwEWYZ6NHTKLuaaaBgPX0i6wn+1pwidX1XvVlMkC
         vYaa+rgWoN6Vcipw3AGuGwryQBe27WqXIS/v2zisyznl4mQUNZF1Wg2sDiMCQ//Lr6Lw
         a0R3N0ZmAoT7Yl/3Kb0gbzFaOrDeOtl1IVKTHv4eVwYw9hUhwCjbrPtPRu0nniCgbbaV
         GzhA==
MIME-Version: 1.0
Received: by 10.112.38.68 with SMTP id e4mr7311436lbk.38.1334675865168; Tue,
 17 Apr 2012 08:17:45 -0700 (PDT)
Received: by 10.152.127.68 with HTTP; Tue, 17 Apr 2012 08:17:45 -0700 (PDT)
In-Reply-To: <op.wcwqvs1zidpuyk@slws007.slhq.int>
References: <CAF+90c_ia=YbYGT+rGUhuhi+Aj-VD7ccO5wNc32w_iEFSwNj+g@mail.gmail.com>
	<op.wcwqvs1zidpuyk@slws007.slhq.int>
Date: Tue, 17 Apr 2012 17:17:45 +0200
Message-ID: <CAF+90c-x820R2CUo=q-T0viSZAPS5R_Crnesc5rLyC4ZjuOALQ@mail.gmail.com>
To: Gustavo Lopes <glopes@nebm.ist.utl.pt>
Cc: internals@lists.php.net
Content-Type: text/plain; charset=ISO-8859-1
Subject: Re: [PHP-DEV] is_numeric_string an hexadecimal numbers ("123" == "0x7B")
From: nikita.ppv@googlemail.com (Nikita Popov)

On Tue, Apr 17, 2012 at 1:44 PM, Gustavo Lopes <glopes@nebm.ist.utl.pt> wrote:
> On Tue, 17 Apr 2012 13:20:33 +0200, Nikita Popov <nikita.ppv@googlemail.com>
> wrote:
>
>> The internal is_numeric_string [1] function is used to check whether a
>> string contains a number (and to extract that number).
>>
>> Currently is_numeric_string also accepts hexadecimal strings [2]
>> (apart from the normal decimal integers and doubles).
>>
>> [...]
>>
>> In my eyes accepting hex strings in is_numeric_string leads to a quite
>> big WTF effect and causes problems and as such should be dropped.
>>
>> I don't think this has much BC impact, so it should be possible to change
>> it.
>>
>
> I think definitely has a larger BC impact than you're portraying, I can see
> some people making comparisons against '0xA' instead of 0xA.
Yes, this definitely does have BC impact, but I don't think it is
particularly large.

The affected areas mainly would be:
 * String comparisons using ==
 * Strings passed to internal functions which accept the value through
an "l" zend_parse_parameters (functions doing manual type handling via
the Z_TYPE and convert_to_long do not accept hex already now)
 * The userland function is_numeric

The first two would mainly be a problem if somebody - as you already
mention - has written '0xA' == $foo style comparisons or did stuff
like round($number, '0xA'). Both cases - in my eyes - aren't
particularly probably as anyone who knows what a hex number is
probably also knows the difference between a string literal and a
number literal.

The last one is more problematic. It is explicitly documented as
accepting hexadecimal numbers. In my eyes it too should not accept
them, but I could imagine that people rely on this.

> Besides, this is part of the Zend API. It's already used in many extensions
> (though possibly some of these should be using a stricter function) and
> changing its behavior is a stable branch is not wise:
>
> http://lxr.php.net/opengrok/search?q=&project=PHP_TRUNK&defs=&refs=is_numeric_string
I've already looked at some of these and in most (all?) cases the
intended behavior seems to be to not allow hex (passing hex in those
situations actually creates some kind of broken behavior).

Nikita