Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:82418 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 19534 invoked from network); 11 Feb 2015 06:36:59 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 11 Feb 2015 06:36:59 -0000 Authentication-Results: pb1.pair.com header.from=rasmus@lerdorf.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=rasmus@lerdorf.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain lerdorf.com designates 209.85.192.43 as permitted sender) X-PHP-List-Original-Sender: rasmus@lerdorf.com X-Host-Fingerprint: 209.85.192.43 mail-qg0-f43.google.com Received: from [209.85.192.43] ([209.85.192.43:37000] helo=mail-qg0-f43.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 5C/43-33902-988FAD45 for ; Wed, 11 Feb 2015 01:36:58 -0500 Received: by mail-qg0-f43.google.com with SMTP id i50so1300643qgf.2 for ; Tue, 10 Feb 2015 22:36:55 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=iBwOMWJRF2sP/6ZACqUJ9TofKz9cKMoTUYDvAqeFhb0=; b=bd8oyv5gtoD0wJvB43BPLl6NEjZpSKxU11qg21kDGusUNTxllDkvnHo6kdtvXv6ocU bVIKRdzEQpVOmhLArHI9T45WVxdD/98oO36hxPX96ADU8+hTC6FuouNoGozJFJQzkWGz rKCGm765Y2Am4G6/iNyzQd7DvKWvjCWvBBYHRUORGvS0dO6Th7mZybjcZJITygCkWT2g 1UtuQqqpKBK/Vc8nVM7+uKRMFDnGnscpFiUcucCNLA2mBmMmtiajQ54/1wUD4ZqGC1aO 24+k7MjXbL8TONVgawvME6Hhng9aP/p/4TThxVNT6S197JArbISXnV3gvKn1ex03Bd1L KmcA== X-Gm-Message-State: ALoCoQlVKsyddrjadlrZ5WpsCq2CW9ksxQeICrJ8MzJmpbAVVsPH6joMkDW8LXb39PWg5BYYe1l+ X-Received: by 10.224.111.195 with SMTP id t3mr29490332qap.71.1423636615327; Tue, 10 Feb 2015 22:36:55 -0800 (PST) Received: from [192.168.200.14] (c-50-131-44-225.hsd1.ca.comcast.net. [50.131.44.225]) by mx.google.com with ESMTPSA id w107sm17845009qge.5.2015.02.10.22.36.53 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Feb 2015 22:36:53 -0800 (PST) Message-ID: <54DAF884.7000508@lerdorf.com> Date: Tue, 10 Feb 2015 22:36:52 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Xinchen Hui , Andrea Faulds CC: PHP Internals References: <8703B53E-2C4A-4AC6-95C4-D4F19C6D5221@ajf.me> In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="JJsP1qCpmX4ddX2GBqL1tpN9xGi1NDPW6" Subject: Re: [PHP-DEV] [VOTE] Scalar Type Hints From: rasmus@lerdorf.com (Rasmus Lerdorf) --JJsP1qCpmX4ddX2GBqL1tpN9xGi1NDPW6 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 02/10/2015 07:57 PM, Xinchen Hui wrote: >> am I wrong?! > seems I am wrong with this, it's a false alarm... it can restore autom= atically. Yeah, declare() doesn't span files so that isn't a problem. My worry is still the lack of type coercion for internal calls. I tested it on some apps and it will take quite a bit of tedious and rather useless effort to fix these to run in strict mode. Some examples of common things that are fatal errors in strict mode: ini_set('precision', 14); ini_set('display_errors', 1); ini_set('display_errors', true); ok, not common, but tan(4/2) fatal, tan(5/2) no error Wordpress has this function, spot the error: function add_magic_quotes( $array ) { foreach ( (array) $array as $k =3D> $v ) { if ( is_array( $v ) ) { $array[$k] =3D add_magic_quotes( $v ); } else { $array[$k] =3D addslashes( $v ); } } return $array; } $v may not always be a string (it died with a float for me), so the fix is to cast: $array[$k] =3D addslashes( (string)$v ); Also from Wordpress: $formatted =3D number_format( $number, absint( $decimals ), $wp_locale->number_format['decimal_point'], $wp_locale->number_format['thousands_sep'] ); Here number_format() is expecting a float but $number is a string. So again, the only real fix is to cast. And in Drupal8 *without turning on strict*: use Drupal\Component\Utility\String; it dies with: "Fatal error: "string" cannot be used as a class name in /var/www/drupal/core/includes/bootstrap.inc on line 11" That String class is everywhere in Drupal. They are going to have a fun time with that. See https://gist.githubusercontent.com/anonymous/d9252deeeb2aae1a5af5/raw/053= 155130d22551b1404d0a9b94e27424544b6d1/gistfile1 From Geeklog: if (strtolower($topic) !=3D strtolower($archivetid)) { $sql .=3D " AND ta.tid !=3D '{$archivetid}' "; } $topic can be null there. Looking at the logic, not really a bug, just a natural reliance on null being coerced to "" Also from Geeklog: if( empty( $date )) { // Date is empty, get current date/time $stamp =3D time(); } else if( is_numeric( $date )) { // This is a timestamp $stamp =3D $date; } else { // This is a string representation of a date/time $stamp =3D strtotime( $date ); } // Format the date $date =3D strftime( $dateformat, $stamp ); strftime() expects an integer for the timestamp there, but as the above logic shows, they are expecting a numeric string to be fine. No bug, just another forced cast. And another number_format() instance where arg1 is not necessarily a float. Obviously not a bug, so we have to cast again: return number_format( $number, $dc, $ds, $ts ); In Opencart: $this->image =3D imagecreatetruecolor($width, $height); imagecreatetruecolor() expects parameter 1 to be integer, string given in /var/www/opencart/system/library/image.php on line 89 You could argue this is a bug, I guess, but the width and height are coming from a database and are integers in the db, but since the db returns strings. Another cast... I was genuinely hoping to find some bugs with this exercise. I suppose it is because I did it on mature projects and at this stage those sorts of bugs have already been fixed. But I still fear that people are going to want to be enable strictness everywhere and then they will quickly learn that they better cast stuff to be safe which makes the whole thing rather pointless. And I feel pretty sorry for the Drupal folks. That list of 1000+ instances of their String class is going to suck to fix. -Rasmus --JJsP1qCpmX4ddX2GBqL1tpN9xGi1NDPW6 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlTa+IQACgkQlxayKTuqOuB9MgCfetxaTcdikNat5ATven6+pf/k +dQAoIVK/J6CoLOuokyNIKaAquYxe8eQ =oeXd -----END PGP SIGNATURE----- --JJsP1qCpmX4ddX2GBqL1tpN9xGi1NDPW6--