Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:84990
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 89199 invoked from network); 16 Mar 2015 06:23:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Mar 2015 06:23:08 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.44 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.218.44 mail-oi0-f44.google.com  
Received: from [209.85.218.44] ([209.85.218.44:36489] helo=mail-oi0-f44.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id E6/45-06614-9C676055 for <internals@lists.php.net>; Mon, 16 Mar 2015 01:23:07 -0500
Received: by oiaz123 with SMTP id z123so29640294oia.3
        for <internals@lists.php.net>; Sun, 15 Mar 2015 23:23:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=DBFD2s03rZPcj2ZsIcx4QyVir3xrMBK5hFNsimvJpfE=;
        b=uFHs493UVQ303IY8V0KiMt1EGOoaCfKQB+Am8YfT1kZchpavWWNa4gMn7zkBGyUe1T
         y/zBNlloMCD7oj1r8dottZ+409JLSQxqnlh2ZXWaDSIpz8jlYr3VZjg77HnUpcLvEOyP
         xZe+v+Q8siQ13Yd6y9t7/Eashlgo+j6flwLr0AVzAS+mCl/q+XpzrieiUvjyel+yManm
         VKq3lsYruxZFLq7Rr8uJ9yRptYAnCfWdq6awgpbOYaihYpMv9gEYbmSKXxrBwKXaAWfi
         DUrZDTx6JmEU5VvDF+cusfLgyelgs9xRiVm/WIQDWekiPvfkJg9P6KsQhVa8klIPO0Pv
         ZsFQ==
X-Received: by 10.182.209.106 with SMTP id ml10mr30895282obc.46.1426486983440;
 Sun, 15 Mar 2015 23:23:03 -0700 (PDT)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.202.58.2 with HTTP; Sun, 15 Mar 2015 23:22:23 -0700 (PDT)
In-Reply-To: <CAN=kQJe6civW3x=uT2wMB7Mb-33LvkSyHfU=FfB8cfbWsVE+_A@mail.gmail.com>
References: <CABBJUpfiy1BpdyZ5MJmQb3vQz9U8TkSECHCRctupV+BUG1H=fw@mail.gmail.com>
 <55066F07.80308@birkholz.biz> <CABBJUpd+yd_7g8VkU0SHRMt0a35idyyLS_7m6=-cGgBB1RzkQg@mail.gmail.com>
 <CAN=kQJe6civW3x=uT2wMB7Mb-33LvkSyHfU=FfB8cfbWsVE+_A@mail.gmail.com>
Date: Mon, 16 Mar 2015 15:22:23 +0900
X-Google-Sender-Auth: 2kIRi2RDddnRljxyCCVTMS8SyK8
Message-ID: <CAGa2bXaMPs2WNOvJzJz6S3Qm1z28H=msi8SdVsmPYJGz-kM8hQ@mail.gmail.com>
To: Matthew Leverton <leverton@gmail.com>
Cc: Xinchen Hui <laruence@php.net>, Dennis Birkholz <dennis@birkholz.biz>, 
	"internals@lists.php.net >> 'PHP Internals'" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=e89a8ff25054ecbd7b051161e185
Subject: Re: [PHP-DEV] About declare(strict_types = 1)
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--e89a8ff25054ecbd7b051161e185
Content-Type: text/plain; charset=UTF-8

Hi all,

On Mon, Mar 16, 2015 at 3:03 PM, Matthew Leverton <leverton@gmail.com>
wrote:

> On Mon, Mar 16, 2015 at 12:55 AM, Xinchen Hui <laruence@php.net> wrote:
> > That is why I don't see it before (thousand times, too long to read...
> > but not in RFC)
> >
> It's in the RFC: "Whether or not the function being called was
> declared in a file that uses strict or weak type checking is
> irrelevant. The type checking mode depends on the file where the
> function is called."
>

This is one of the point I most dislike.
Caller _must_ satisfy callee requirements. This is simple principle to
write
a secure code.

With this RFC, caller overrides security related setting. This means
scripts
that are prepared for type safety is "ignored" and it leads security breach.

It's just like turning on/off register_globals and allow_url_include by
caller.
It cannot be right... IMHO.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--e89a8ff25054ecbd7b051161e185--