Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87303 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 16386 invoked from network); 26 Jul 2015 19:38:30 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 26 Jul 2015 19:38:30 -0000 Authentication-Results: pb1.pair.com header.from=larry@garfieldtech.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=larry@garfieldtech.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain garfieldtech.com from 66.111.4.25 cause and error) X-PHP-List-Original-Sender: larry@garfieldtech.com X-Host-Fingerprint: 66.111.4.25 out1-smtp.messagingengine.com Received: from [66.111.4.25] ([66.111.4.25:48870] helo=out1-smtp.messagingengine.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id FF/A1-06606-43735B55 for ; Sun, 26 Jul 2015 15:38:29 -0400 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 2C7D6203F9 for ; Sun, 26 Jul 2015 15:38:26 -0400 (EDT) Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Sun, 26 Jul 2015 15:38:26 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=O+3dJbZ7zHQxSPw go0LnjFORKRI=; b=T6MbTQwXAn2YuKKR/CUmZsSVul0mlHREu0LJ0I9nrP5YOib ITvYvTn9gJLKkgwJ+SFX3WlQ65ypZLESAIJ73N5ZspS96sVui0j6FlnbP5EmGKaI RwIrdCBV97W8YF2MAfoPm/kUd22nim8RVPrBBrjvQPDQrSCTw12CaViY7y0Q= X-Sasl-enc: X0UyiuPX7+3EHtJWdrIPamgypIbz+Hs+1tlM1cVbb8ju 1437939505 Received: from [192.168.42.5] (c-50-129-175-166.hsd1.il.comcast.net [50.129.175.166]) by mail.messagingengine.com (Postfix) with ESMTPA id E180168012C for ; Sun, 26 Jul 2015 15:38:25 -0400 (EDT) Message-ID: <55B53731.8030203@garfieldtech.com> Date: Sun, 26 Jul 2015 14:38:25 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: internals@lists.php.net References: <55A7D993.5000301@moonspot.net> <55B2D142.6020802@gmail.com> <55B41BEC.20104@garfieldtech.com> In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Subject: Re: [PHP-DEV] Core functions throwing exceptions in PHP7 From: larry@garfieldtech.com (Larry Garfield) On 07/26/2015 01:36 PM, Jakub Kubíček wrote: > Hi Larry! > > 2015-07-26 1:29 GMT+02:00 Larry Garfield : >> Another point here is that 0 is a perfectly legitimate random number in many >> cases, so callers would need to do a === check, not just a boolean check. > What "boolean check" are you talkin' about? I've never seen a code > using e.g. strpos() like follows: > > > if(!is_bool($pos = strpos('foobar', 'baz'))) { > // we are correct, use $pos' value somewhere > } else { > // strpos() produced a boolean, thus no 'baz' found in 'foobar' > } > > ?> > > Rather it is most frequently being done like below: > > > if(FALSE !== $pos = strpos('foobar', 'baz')) { > // we are correct, use $pos' value somewhere > } else { > // strpos() produced a boolean, thus no 'baz' found in 'foobar' > } > > ?> > > I think in both cases you do a kind of "boolean check". Yes, I am referring to the second, or variations therein. When using strpos() you need to do a strict check against FALSE (===) to avoid a legit 0 getting misinterpreted. It's also a very commonly forgotten check, especially among newer devs that haven't been burned by it a few times. My point is that when talking about crypto-related functions, relying on people to get burned a few times and then remember to do a === check against FALSE is a horrible, horrible idea, hence random_int() should fail much harder, as is being suggested here (be that via E_FATAL, exception, error throw, or whatever, as long as the execution does NOT continue). That is, I am agreeing with the proposal to have it die hard. I moderately prefer the throw SecurityError approach as it's not a user-input error but a system config error, but anything that prevents execution from continuing is acceptable security-wise. --Larry Garfield