Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:74369 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 3678 invoked from network); 19 May 2014 20:00:31 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 May 2014 20:00:31 -0000 Authentication-Results: pb1.pair.com header.from=garyamort@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=garyamort@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.44 as permitted sender) X-PHP-List-Original-Sender: garyamort@gmail.com X-Host-Fingerprint: 209.85.192.44 mail-qg0-f44.google.com Received: from [209.85.192.44] ([209.85.192.44:58013] helo=mail-qg0-f44.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 7C/60-33069-CD26A735 for ; Mon, 19 May 2014 16:00:28 -0400 Received: by mail-qg0-f44.google.com with SMTP id i50so9793850qgf.31 for ; Mon, 19 May 2014 13:00:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=C9NqgWzGP0c1nf1+oT43A54bQnXqH3eMz/i8F3fRTR8=; b=iKgE26mspzA9naRdAhqQbbY1+f4TXy49Zp1o1pejNxTU4lEdz+mEtuN3Yb4bkvAjzl uWXJ1bTxoHioUyb5rKEf1j9boNRE13OtTwnxXNpcqc+1Leyv+yaQOdKTQboojAKiA+1c dxT9BzCD2lBugQsR2Ys9ej4HRCS14XZDCfpqEKcWW971VNZuaeHrnpiDbjU1sLVF9QNL RMHPq6WdWvH4HOHiews7Dl7WRP/SiWFc62Wot6EqDC5P/BLSgpa4tQHCL63Tv8AZRIOI jjAMC8PdbmbwRBkYgh97/qtYYVil6WKX3u/oQhMejsGzB9ghY6ZCHfT25LwtsRn2l3P4 DzVA== X-Received: by 10.140.109.70 with SMTP id k64mr50465636qgf.92.1400529625684; Mon, 19 May 2014 13:00:25 -0700 (PDT) Received: from ?IPv6:2604:2000:1118:4036:62a4:4cff:fea8:603d? ([2604:2000:1118:4036:62a4:4cff:fea8:603d]) by mx.google.com with ESMTPSA id a6sm29074267qaj.15.2014.05.19.13.00.24 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 19 May 2014 13:00:25 -0700 (PDT) Message-ID: <537A62D6.6050704@gmail.com> Date: Mon, 19 May 2014 16:00:22 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: internals@lists.php.net Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Globals, closures, and filter_input From: garyamort@gmail.com (Gary Mort) This seems to me to be an odd combination and it is not explictly documented. I'm running under PHP 5.5.12 First off, when after executing unset($_GET) - the global $_GET variable no longer exists. However, calling filter_input(INPUT_GET,...) continues to return data from the query string. So filter_input and filter_has_var are independent of the $_GET variable. IE they will return whatever the original data was. This is noted in the comments regarding these functions, http://us1.php.net/manual/en/function.filter-input.php - I simply want to double check that this is working as designed, and not a bug that will be corrected[since there is no spec for this feature. :-)] Moreover, it is possible to bind a closure to a global variable, for example: https://gist.github.com/garyamort/c656846ba3969c492d20 In this code, I bind a closure which returns the results of filter_input(INPUT_GET,...) to the $_GET super global. This was simply a quick and dirty exercise dynamically enabling $_GET variable filtering in a manner which integrates nicely with most introductory PHP tutorials. A more thorough solution would be to instead create an ArrayObject subclass and map the various array methods to the appropriate filter_input and filter_has_var functions. In that way, 'legacy' code could have it's input automatically sanitized, with the ability to change the type of sanitization which occurs during execution[since the current default sanitzation ini setting can not be changed dynamically] However, global variables are not supposed to be bound to closures and objects, then this could result in future problems if that feature is ever modified.