Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:84999
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 8839 invoked from network); 16 Mar 2015 07:45:57 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Mar 2015 07:45:57 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.43 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.218.43 mail-oi0-f43.google.com  
Received: from [209.85.218.43] ([209.85.218.43:36768] helo=mail-oi0-f43.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 7C/21-00492-43A86055 for <internals@lists.php.net>; Mon, 16 Mar 2015 02:45:56 -0500
Received: by oiaz123 with SMTP id z123so30815316oia.3
        for <internals@lists.php.net>; Mon, 16 Mar 2015 00:45:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=fqBtkvWi7B7cbZNQgAVm3+tL1gRIZs/7stomFfGTM2k=;
        b=PVaJ/yIJFh1M2lpiBQWOM0eJrJ92iaGdfmIlQYXmpZ//9eHirOmGw3yopzwf0XdYsB
         ZH2/HxpvPhpTX2ub6yoKhCt0pWAT17zLIxeM7PxCMgTNubVRzETL9pMGfSKEEVFyLtsZ
         YnCDmcnk3JCVYmqKrCh6qR39WhBS0a3+qwxhA914R8KTjYOf8POl1TEF2faOdZ3TqIkx
         9RMpv8WkBHNIRyBO3TbPJw0wN/GwxHVf4RW8bkB2EnD7edxFa7F7uuemMQJS0LvC5JIE
         4iS9EjF0jitjlJ8VkGVMaYzcY3+d2gtDPbUrqnN5wTfuKEiTRMCl5ovmRQRs6Ry3mXfq
         HtpA==
X-Received: by 10.60.97.35 with SMTP id dx3mr46328575oeb.6.1426491953372; Mon,
 16 Mar 2015 00:45:53 -0700 (PDT)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.202.58.2 with HTTP; Mon, 16 Mar 2015 00:45:13 -0700 (PDT)
In-Reply-To: <5506794B.8090008@birkholz.biz>
References: <CABBJUpfiy1BpdyZ5MJmQb3vQz9U8TkSECHCRctupV+BUG1H=fw@mail.gmail.com>
 <55066F07.80308@birkholz.biz> <CABBJUpd+yd_7g8VkU0SHRMt0a35idyyLS_7m6=-cGgBB1RzkQg@mail.gmail.com>
 <CAN=kQJe6civW3x=uT2wMB7Mb-33LvkSyHfU=FfB8cfbWsVE+_A@mail.gmail.com>
 <CAGa2bXaMPs2WNOvJzJz6S3Qm1z28H=msi8SdVsmPYJGz-kM8hQ@mail.gmail.com> <5506794B.8090008@birkholz.biz>
Date: Mon, 16 Mar 2015 16:45:13 +0900
X-Google-Sender-Auth: 00RQDIq76-7AT0tZiQnfkat-Jjk
Message-ID: <CAGa2bXbGxr4E8hi1_faNWOWSeLi6kn5kQJknCaZ4vUTNxHR+tg@mail.gmail.com>
To: Dennis Birkholz <dennis@birkholz.biz>
Cc: "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=089e01227a1827e5d20511630aba
Subject: Re: [PHP-DEV] About declare(strict_types = 1)
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--089e01227a1827e5d20511630aba
Content-Type: text/plain; charset=UTF-8

Hi Dennis,

On Mon, Mar 16, 2015 at 3:33 PM, Dennis Birkholz <dennis@birkholz.biz>
wrote:

> Am 16.03.2015 um 07:22 schrieb Yasuo Ohgaki:
> > Caller _must_ satisfy callee requirements. This is simple principle to
> > write a secure code.
> >
> > With this RFC, caller overrides security related setting. This means
> > scripts
> > that are prepared for type safety is "ignored" and it leads security
> breach.
>
> that is simply not true! The callee always gets the type it expects.
> There is no security problem involved here. The only difference is if
> type conversion rules apply or if an error is raised for a type mismatch.
>
> You clearly dislike the RFC (you voted no), that is OK, but don't scream
> of "security" bugs that don't exist. If they would exist, all type hint
> RFCs would have them in general.
>

Not only Java/etc programmers but also PHP programmers will assume type
safety by types.

Programmers assume integer type data is safe once it passes as integer type
parameter.
I'm sure PHP programmer do assume the same thing.

I posted "bad code"

<?php
function check_num_range(int $num) { if ($num < 0 || $num > 100)
trigger_error('Invalid range'); }
// Somewhere far from function definition.
$num = $GET['num'];
// Somewhere far from $num definition.
check_num_range($num); // Trying to check validity, int and range.
echo 'You have '.$num. ' now <br />'; // But $num could have any string.
                                                            //
"check_num_range((int)$num)" wouldn't help also.
?>

Caller controlled strict typing makes this worse... i.e.
<?php
declare(strict_types=1);
// We are safe since $num is strictly int. Callee has responsibility to
pass valid int . (But it's not)
function check_num_range(int $num) { if ($num < 0 || $num > 100)
trigger_error('Invalid range'); }
?>

Setting register_globals=On while callee script assumes
register_globals=Off is bad thing to do.
Similar argument applies to declare(strict_types=1) also.

As I suggested in other thread, we are better to sit down and make
reasonable decision.
It's not religion, but technical issue. We can reach reasonable consensus
if we try to. If we
cannot, it is better to introduce weak type hint only for the time being.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--089e01227a1827e5d20511630aba--