Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87304
Return-Path: <anatol.php@belski.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 19449 invoked from network); 26 Jul 2015 20:05:14 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 26 Jul 2015 20:05:14 -0000
Authentication-Results: pb1.pair.com header.from=anatol.php@belski.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=anatol.php@belski.net; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain belski.net from 85.214.73.107 cause and error)
X-PHP-List-Original-Sender: anatol.php@belski.net
X-Host-Fingerprint: 85.214.73.107 klapt.com  
Received: from [85.214.73.107] ([85.214.73.107:45660] helo=h1123647.serverkompetenz.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 8D/22-06606-87D35B55 for <internals@lists.php.net>; Sun, 26 Jul 2015 16:05:13 -0400
Received: by h1123647.serverkompetenz.net (Postfix, from userid 1006)
	id B599223D6299; Sun, 26 Jul 2015 22:05:09 +0200 (CEST)
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	h1123647.serverkompetenz.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.5 tests=ALL_TRUSTED,BAYES_00,
	URIBL_BLOCKED autolearn=unavailable version=3.3.2
Received: from w530phpdev (pD9FD2790.dip0.t-ipconnect.de [217.253.39.144])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by h1123647.serverkompetenz.net (Postfix) with ESMTPSA id 2BA9123D6003;
	Sun, 26 Jul 2015 22:05:06 +0200 (CEST)
To: "'Larry Garfield'" <larry@garfieldtech.com>,
	<internals@lists.php.net>
References: <CALYT1Yo-ae+cemXaaXs5Jv5t2DSzdxdYuxuhEGbXyoo_863+bw@mail.gmail.com> <55A7D993.5000301@moonspot.net> <55B2D142.6020802@gmail.com> <55B41BEC.20104@garfieldtech.com> <CAHvhOfi4N+enTEh32iNBfqyStYxtZ0obDMLBapXBOjvZ9CcJGw@mail.gmail.com> <55B53731.8030203@garfieldtech.com>
In-Reply-To: <55B53731.8030203@garfieldtech.com>
Date: Sun, 26 Jul 2015 22:05:02 +0200
Message-ID: <057301d0c7de$5da5d2c0$18f17840$@belski.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQDrJ9+0MU8FOQ/rKelUCzkNPL+2ggK6CMLOAtMV3G0B7ALmQwIhjEK+AkoanrqfWkEGEA==
Content-Language: en-us
Subject: RE: [PHP-DEV] Core functions throwing exceptions in PHP7
From: anatol.php@belski.net ("Anatol Belski")

Hi,

> -----Original Message-----
> From: Larry Garfield [mailto:larry@garfieldtech.com]
> Sent: Sunday, July 26, 2015 9:38 PM
> To: internals@lists.php.net
> Subject: Re: [PHP-DEV] Core functions throwing exceptions in PHP7
>=20
> On 07/26/2015 01:36 PM, Jakub Kub=C3=AD=C4=8Dek wrote:
> > Hi Larry!
> >
> > 2015-07-26 1:29 GMT+02:00 Larry Garfield <larry@garfieldtech.com>:
> >> Another point here is that 0 is a perfectly legitimate random =
number
> >> in many cases, so callers would need to do a =3D=3D=3D check, not =
just a boolean
> check.
> > What "boolean check" are you talkin' about? I've never seen a code
> > using e.g. strpos() like follows:
> >
> > <?php
> >
> > if(!is_bool($pos =3D strpos('foobar', 'baz'))) {
> >      // we are correct, use $pos' value somewhere } else {
> >      // strpos() produced a boolean, thus no 'baz' found in 'foobar'
> > }
> >
> > ?>
> >
> > Rather it is most frequently being done like below:
> >
> > <?php
> >
> > if(FALSE !=3D=3D $pos =3D strpos('foobar', 'baz')) {
> >      // we are correct, use $pos' value somewhere } else {
> >      // strpos() produced a boolean, thus no 'baz' found in 'foobar'
> > }
> >
> > ?>
> >
> > I think in both cases you do a kind of "boolean check".
>=20
> Yes, I am referring to the second, or variations therein.  When using
> strpos() you need to do a strict check against FALSE (=3D=3D=3D) to =
avoid a legit 0
> getting misinterpreted.  It's also a very commonly forgotten check, =
especially
> among newer devs that haven't been burned by it a few times.
>=20
> My point is that when talking about crypto-related functions, relying =
on people
> to get burned a few times and then remember to do a =3D=3D=3D check =
against FALSE is
> a horrible, horrible idea, hence random_int() should fail much harder, =
as is being
> suggested here (be that via E_FATAL, exception, error throw, or =
whatever, as
> long as the execution does NOT continue).  That is, I am agreeing with =
the
> proposal to have it die hard.  I moderately prefer the throw =
SecurityError
> approach as it's not a user-input error but a system config error, but =
anything
> that prevents execution from continuing is acceptable security-wise.
>=20
When implementing a security related code, people that are tired or =
asleep should stay home :) But going seriously - what it is about is =
changing the paradigm. IMHO this kind of thing should not be done making =
a special case. Since Trowable is a good base, there is a need on a =
strategy.=20

The keyword about the "exception hierarchy" is not seldom to hear it =
this regard nowadays. So besides SecurityError, what is with IOError, =
MemoryError, other common cases? Also be aware and prepared that many =
cases can't currently be served by exceptions, the very low level  =
errors. But basically what I would refer to is a concept catching the =
common cases, so then

- we have a set of rules about exceptions in functions
- those rules produce consistent behaviors
- the "case by case basis" argument is eliminated by them in 99% of =
cases

Regards

Anatol