Newsgroups: php.internals
Date: Thu, 30 Apr 2015 03:02:37 +0000
To: Yasuo Ohgaki
Cc: Rowan Collins, "internals@lists.php.net"
Subject: Re: [PHP-DEV] Adding "numeric" type hint
From: danack@basereality.com (Dan Ackroyd)

On 30 April 2015 at 02:17, Yasuo Ohgaki wrote:
> Current PHP: Search query failure.
> New PHP type hint: Fatal error because foreign key is out of PHP int range.

There may be some confusion; NikiC is still doing some work to tidy up the EngineExceptions. When that is finished, passing a variable of the wrong type will give a TypeException.

> If user are using type hints everywhere, it may be limited to attackers
> seeing fatal errors. If not, attacker can succeed system wide DoS attack by
> simple operation.

Passing in invalid primary keys should never result in a DoS attack... and I have no idea why you think it would be due to the presence or absence of scalar type hints.

Yasuo wrote:
> How many of us are expected that
> mydb_find_by_id(INT_MAX+1);
> Note: INT_MAX+1 is pseudo integer string value.

Well, currently it isn't:

    var_dump(PHP_INT_MAX + 1);
    float(9.2233720368548E+18)

Yasuo wrote:
> How about have "numeric" type hint that accepts any format/class(GMP)
> of numeric values?
>
> The issue is that weak mode type hint is *not* weak at all. It forces to
> have machine native type rather than it's data form.

So what you're suggesting is adding a numeric type that acts like GMP and allows arbitrary precision arithmetic on values? Isn't that just GMP?

Except you'd need to convert the variable to be 'numeric' before doing any operation on it, i.e. something like:

    $x = (numeric)INT_MAX;
    mydb_find_by_id($x+1);

Unless you're also suggesting replacing PHP's current maths operations...

cheers
Dan
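
Added example, not part of the message above or of any PHP project code: how an out-of-range key behaves at an `int`-hinted function in weak mode, next to validating the key at the input boundary. It assumes PHP 7 or later, where the exception referred to above as TypeException shipped as `TypeError`; `find_by_id()` and `parse_id()` are hypothetical names and the sample inputs are constructed.

```php
<?php
// Added example. find_by_id() is a hypothetical stand-in for the
// mydb_find_by_id() mentioned in the thread.
function find_by_id(int $id): string
{
    return "lookup for id {$id}";
}

// Boundary check: accept only a decimal integer string that fits in a
// native int. FILTER_VALIDATE_INT returns false on overflow instead of
// silently converting the value to float.
function parse_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed inputs: valid, one past PHP_INT_MAX on 64-bit, non-numeric.
$samples = ['42', '9223372036854775808', 'abc'];

foreach ($samples as $raw) {
    // 1) Validate first: a bad key becomes an ordinary "not found" path.
    $id = parse_id($raw);
    echo $raw, ': ', $id === null ? 'rejected at boundary' : find_by_id($id), PHP_EOL;

    // 2) Rely on the int hint alone (weak mode, no strict_types): the
    //    out-of-range string is not truncated; the call throws a
    //    catchable TypeError, so the request can fail cleanly.
    try {
        echo '  hint only: ', find_by_id($raw), PHP_EOL;
    } catch (TypeError $e) {
        echo '  hint only: TypeError caught', PHP_EOL;
    }
}
```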