Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94111 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 97544 invoked from network); 19 Jun 2016 07:53:33 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 19 Jun 2016 07:53:33 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.216 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.216 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.216] ([81.169.146.216:32896] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 06/27-18862-B7F46675 for ; Sun, 19 Jun 2016 03:53:32 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1466322808; l=12660; s=domk; d=kelunik.com; h=Content-Type:Cc:To:Subject:Date:From:In-Reply-To:References: MIME-Version; bh=Rxfrd5jlXCIvjffMluf+dgsfcq2V4lvHCq2uPWN/Jes=; b=Plto9slwWBVjtN26Lvkygvv1rsxG930h45gEpIgZBZdiSOWX5+0bfHyMfpGnFZ7y4Gs mMsOu2rcCkbQf9hTHD13rNWUSqSN2De3DKSGpzxxa4npoOjJCq+WTvzUnMLd4C7gGic7S L+4ghLmeF/93Z0r8CgGIPphA9Ia8Ao2WPao= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLGvomb4bl9EfHtOnI6 X-RZG-CLASS-ID: mo00 Received: from mail-wm0-f51.google.com ([74.125.82.51]) by smtp.strato.de (RZmta 38.6 AUTH) with ESMTPSA id R05ec4s5J7rRMcs (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp384r1 with 384 ECDH bits, eq. 7680 bits RSA)) (Client did not present a certificate) for ; Sun, 19 Jun 2016 09:53:27 +0200 (CEST) Received: by mail-wm0-f51.google.com with SMTP id v199so33840099wmv.0 for ; Sun, 19 Jun 2016 00:53:27 -0700 (PDT) X-Gm-Message-State: ALyK8tJk+s7EgTzr5YzxfyDRsZ+xWgfck/X2oqkvE3PINdjPU0XgmpSJ9YvKj4+Aek5bWNLoNxhx/KKXGmKMbA== X-Received: by 10.194.8.38 with SMTP id o6mr7076819wja.13.1466322807772; Sun, 19 Jun 2016 00:53:27 -0700 (PDT) MIME-Version: 1.0 References: <20160617202344.2868F1A80C02@dd1730.kasserver.com> In-Reply-To: Date: Sun, 19 Jun 2016 07:53:17 +0000 X-Gmail-Original-Message-ID: Message-ID: To: Rasmus Schultz , Ryan Pallas Cc: Stanislav Malyshev , Thomas Bley , "internals@lists.php.net" , michael.vostrikov@gmail.com Content-Type: multipart/alternative; boundary=047d7b5d460415610505359ce2b9 Subject: Re: [PHP-DEV] New escaped output operator From: me@kelunik.com (Niklas Keller) --047d7b5d460415610505359ce2b9 Content-Type: text/plain; charset=UTF-8 Rasmus Schultz schrieb am Sa., 18. Juni 2016, 17:44: > > Add a couple parens and its completely implementable in userland > > If we could autoload functions, I bet that's what everyone would be doing. > > At the moment, no one is able to commit to that pattern, because it > doesn't scale - you can't just keep adding to a list of global > functions (and files) that get aggressively loaded whenever you render > a view, even if each view uses only one or two of them... > > So in practice, you minimally end up with something like this: > > > > > > ... > > But that isn't really practical either, since you can only cram so > many functions into the same class - at which point you start adding > more classes... > > > > > > > It quickly gets ugly, messy and confusing. > Did you know that you can alias namespaces, too? You can always add more functions to a namespace even spread accross multiple files. Then I start thinking about crazy solutions like tokenizing the > template file first and dynamically adding require_once statements for > any functions discovered being used, which would be more convenient, > but quite overly complex for such a small problem - and we're still > talking about occupying the global namespace with lots of functions. > > And so you likely end up accepting that it's ugly and inconvenient, > and you resign yourself to use-statements and static methods, or > fully-static classes, which I've taken to referring to as > "psuedo-namespaces", since we're really abusing classes as a kind of > namespace for functions, just so we can get them to autoload. > > Functions just aren't all that convenient or useful in PHP, because > they largely depend on manual use of require_once, which feels really > ugly and old-fashioned (since everything else autoloads like it's > supposed to) - and it isn't even always possible, since, for example, > you can't (reliably) know where a Composer package is located relative > to your project or package; it depends on whether your project is > currently the root package (e.g. under test) or an installed package > in the vendor-folder. > > I really like pure functions - they're neat, simple and predictable. > In Javascript (and other languages) I always use functions first and > resort to classes only when there's a real clear benefit. In PHP, I > feel like I'm almost always forced into using classes for everything, > mainly because that's what works best in PHP and creates the least > rub. > > This has been bothering me for many years - and I wish that I could > propose a solution, but I really don't have any ideas. > > Can we do something to improve and encourage the use of functions in PHP? > > > On Sat, Jun 18, 2016 at 12:27 AM, Ryan Pallas > wrote: > > On Fri, Jun 17, 2016 at 2:23 PM, Thomas Bley > wrote: > > > >> you can simply add the context to the current output operator: > >> > >> > >> (=strip_tags) > >> > >> > >> > > > > Look at that. Add a couple parens and its completely implementable in > > userland now with no language changes required. > > > > > >> Regards > >> Thomas > >> > >> Stanislav Malyshev wrote on 17.06.2016 22:14: > >> > >> > Hi! > >> > > >> >> Most of output code is an output of properties of database entities, > and > >> >> only in some cases it's needed to concatenate HTML into string and > then > >> >> print it with unescaped output. Escaped output operator can be > useful. > >> Also > >> >> we output data not into the void and not into simple text file, but > into > >> >> HTML-document which has a certain format (markup). Also this is > logical > >> - > >> >> to have both forms, escaped and unescaped. > >> > > >> > This has been discussed on the list a number of times. Main issue with > >> > this kind of proposals is that escaping is context-dependent. E.g. > >> > htmlspecialchars() would not help you in many scenarios - e.g. it > won't > >> > protect you from XSS if you ever place user-controlled data in HTML > >> > attributes. Having operator for each of the possible contexts does not > >> > really looks feasible, and having it for only one of them and not the > >> > others would be misleading people into thinking this operator is > generic > >> > and can be used in all contexts safely. > >> > > >> > -- > >> > Stas Malyshev > >> > smalyshev@gmail.com > >> > > >> > -- > >> > PHP Internals - PHP Runtime Development Mailing List > >> > To unsubscribe, visit: http://www.php.net/unsub.php > >> > > >> > >> > >> -- > >> PHP Internals - PHP Runtime Development Mailing List > >> To unsubscribe, visit: http://www.php.net/unsub.php > >> > >> > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --047d7b5d460415610505359ce2b9--