Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:86821
Return-Path: <yohgaki@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 87622 invoked from network); 23 Jun 2015 22:25:10 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Jun 2015 22:25:10 -0000
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.177 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@gmail.com
X-Host-Fingerprint: 209.85.160.177 mail-yk0-f177.google.com  
Received: from [209.85.160.177] ([209.85.160.177:36756] helo=mail-yk0-f177.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id CD/03-04861-4CCD9855 for <internals@lists.php.net>; Tue, 23 Jun 2015 18:25:08 -0400
Received: by ykdr198 with SMTP id r198so14005786ykd.3
        for <internals@lists.php.net>; Tue, 23 Jun 2015 15:25:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-type;
        bh=Df8SJ0s7/ZQkBWYUn2hUt6VXeV22Y6VSlF4xcHl3wJo=;
        b=gW8hw6WWM2cXyEjvzlLqNA6cJXCwlac7xoPUcewmSJh09V0iC30wnXcRjI5ah42Ve2
         b61e1b2p3njvG8UcbSZIgw0017wvi7KdVQ66tfDXHh8i52zvndy1ZBX5M5n+lDa787S8
         8ky9goaEG+2vblaA1QlR0yYRMqMvZITcUJqR6rnnBydTjMn1rVzdt0I3wpV2jWhuMHqB
         j43oLEmQgp7n5GEsojIy0T3SJZkfNZNQHuUBpyhMVnmqmnKW17pkjsc/y1KWD0R4C9YW
         p7nAfK7aLHT2OjJuxg8wRklnqwxemY0MIbvejhf3mGDP5mXADWunzU/a77oIgkFbCTzM
         1Kxw==
X-Received: by 10.170.215.69 with SMTP id h66mr44687419ykf.74.1435098305696;
 Tue, 23 Jun 2015 15:25:05 -0700 (PDT)
MIME-Version: 1.0
Sender: yohgaki@gmail.com
Received: by 10.129.48.129 with HTTP; Tue, 23 Jun 2015 15:24:26 -0700 (PDT)
In-Reply-To: <CAGa2bXa0c5ducwf075MEZEE1psbn2vVHJCzX8p1KC9JJkyEe=Q@mail.gmail.com>
References: <CAGa2bXa9x_BK9O78N_yvAVj7M5V0UEGsy3ch-VOimaqGaKUA3w@mail.gmail.com>
 <CABBJUpeaVXXJ-JJDP+oHUamuDGwM87Myvm4_0qXAh2cZn8rg3A@mail.gmail.com>
 <CAAyV7nHo2jWSNYL-BQc-yg2SoTzOpNFvcmLNpH9vhL9w3_ab7w@mail.gmail.com>
 <CAGa2bXYRB1Mo6B9WA0knrJ6ziKukaNY18aiYzj-QfvYA+o0VVQ@mail.gmail.com> <CAGa2bXa0c5ducwf075MEZEE1psbn2vVHJCzX8p1KC9JJkyEe=Q@mail.gmail.com>
Date: Wed, 24 Jun 2015 07:24:26 +0900
X-Google-Sender-Auth: 71QOKMprzPOztiVd8teDM6UlSkw
Message-ID: <CAGa2bXbPrj89krFpY-N+GoC1fW0gKL7EBXBFP5iLUJAWf3mZ1g@mail.gmail.com>
To: Anthony Ferrara <ircmaxell@gmail.com>
Cc: Xinchen Hui <laruence@php.net>, "internals@lists.php.net" <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a113bcfa0ba9987051936dc50
Subject: Re: [PHP-DEV] Optimizing php_html_entities()
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

--001a113bcfa0ba9987051936dc50
Content-Type: text/plain; charset=UTF-8

Hi all,

On Wed, Jun 24, 2015 at 6:51 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> I got it.
>
> On Wed, Jun 24, 2015 at 6:41 AM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:
>
>> On Wed, Jun 24, 2015 at 12:21 AM, Anthony Ferrara <ircmaxell@gmail.com>
>> wrote:
>>
>>> In addition, this breaks the contract, specifically when using scalar
>>> types. Because you're no longer going to error when the contract is
>>> broken (considering htmlspecialchars is documented as string:string).
>>>
>>
>> What do you mean by "break the contract".
>> "string" parameter is not a requirement/contract.
>> htmlspecialchars/htmlentities
>> just converts param to string. The patch does not change anything as you
>> can
>> see it from the phpt results.
>>
>
> [yohgaki@dev github-php-src]$ cat ../t.php
> <?php
> declare(strict_types=1);
>
> var_dump( htmlspecialchars(123) );
>
> [yohgaki@dev github-php-src]$ ./php-bin ../t.php
>
> Fatal error: Uncaught TypeError: htmlspecialchars() expects parameter 1 to
> be string, integer given in /home/yohgaki/workspace/ext/git/oss/
> php.net/t.php:4
> Stack trace:
> #0 /home/yohgaki/workspace/ext/git/oss/php.net/t.php(4):
> htmlspecialchars(123)
> #1 {main}
>   thrown in /home/yohgaki/workspace/ext/git/oss/php.net/t.php on line 4
>
>
> I think this is massive breakage. It only happens in strict mode, though.
>

IMHO, escape/unescape/encode/decode/conversion function is better to accept
any types.
HTML template may be separated script, but database code etc may not.

Writing code like

<?php
declare(strict_types=1);
$sql = 'SELECT * FROM '. pg_escape_identifier((string)$table). ' WHERE id
'. pg_escpae_literal((string)$id).';';
pg_query($sql);
?>

is better to be avoided. i.e. (string) cast before passing parameter.

Another example. JSON decode convert numeric to int/float

<?php
declare(strict_types=1);
$data = json_decode($json);
$str = mb_convert_kana((string) $data['some_data'], 'AKHV');
?>

Are we going to enforce users to use (string) casts for conversion
functions to switch
strict_types=1?

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

--001a113bcfa0ba9987051936dc50--