Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94355
Return-Path: <michael.vostrikov@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 55459 invoked from network); 1 Jul 2016 15:55:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 1 Jul 2016 15:55:08 -0000
Authentication-Results: pb1.pair.com header.from=michael.vostrikov@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=michael.vostrikov@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.174 as permitted sender)
X-PHP-List-Original-Sender: michael.vostrikov@gmail.com
X-Host-Fingerprint: 209.85.220.174 mail-qk0-f174.google.com  
Received: from [209.85.220.174] ([209.85.220.174:33179] helo=mail-qk0-f174.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F9/A0-47540-B5296775 for <internals@lists.php.net>; Fri, 01 Jul 2016 11:55:08 -0400
Received: by mail-qk0-f174.google.com with SMTP id e3so6814368qkd.0
        for <internals@lists.php.net>; Fri, 01 Jul 2016 08:55:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=r7zA8iN3IlBH6za7Sm6KMbMpIb/ZCksQmtWlRQYRkJ8=;
        b=F7a54F7hTgjf/K5mD7bS5pIbxu7+QBGkQsqECUFUjRZcVzVNWC1xSbQfCE1JuXB2hf
         sf1JihJehmaFGH/qsQPjzEelf8jJwjQU569+dHdquibQmTysn2VJZNuRyDdLoa5BDOdy
         hQ/EMINuD67DzbehTojNMLC/5FndWOvjgIMbwDXWfsOBMtpgdURrWXf+QwdIipMwR87h
         ZKJU4TZVqzYQPG2ytekhqk4Vjxjh05+0rGgKM3WKu6HfzamdjE1f+0sSrh9FSu/YZNHt
         g4i1odAfGfMBH0Ur3x0d26GIO/pmlWUQYqlRVw8TTsHb4MaldtNKq8ULHftZkaj7mAJh
         BTow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=r7zA8iN3IlBH6za7Sm6KMbMpIb/ZCksQmtWlRQYRkJ8=;
        b=jLZkrD6XBezgxjdA8Jo+3NJlF0SXYNilzRlYuHByJCE25ROaMX8pvo6T3XlVLe83ca
         Y9fzrI64nPrXBIIuTivTWo6xjvDTKPy+vhp4cYXhIsolKN8JLzoWsADGCBMZyWDYNtam
         GJjvQuBufiXR49Xl/ZiZo1+5g02a5mkrZmFBipNCcGI/WRlWZPAAaHlOK+OFYbGJTNWY
         QjvFKLQYAmub2X5PQj4Fi1/ZJuQRgmGf/oKjxkdbDHEw8ZM1AoYIPagkkcXg/cbe2zRR
         I5fL3/m9O6d2X+Qs85Z6pz4fHcMAlwwbYEzcIWDlFA8AV2UNQTsfNFvDwZwxGOqUesLg
         c/SQ==
X-Gm-Message-State: ALyK8tKzYXCvbLqiqZrzbkA08HkQXejL08L0nbJRyJj1UvmIOUrTTok2p9yZ1N4J48pPTmTPzmM/xTsrFnCH9A==
X-Received: by 10.55.40.200 with SMTP id o69mr28832351qko.101.1467388505281;
 Fri, 01 Jul 2016 08:55:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.55.53.71 with HTTP; Fri, 1 Jul 2016 08:55:04 -0700 (PDT)
In-Reply-To: <CANaX5ndp6cLELV7vdG7TKsCW2ar1dFghKHU-CZ=icpUB+Q2T5A@mail.gmail.com>
References: <20160620222835.BC26C1A80609@dd1730.kasserver.com>
 <14352177-1b49-e2ed-56a3-9a770d0ebf95@gmail.com> <CAEDdnaU35=jGotCRVHx8=i7JnTg7yZOffr4dZtTDJ9vhqTNqtw@mail.gmail.com>
 <CAEDdnaUo=QwDejnJ64ziY2i-9KbMBgvN-_T7pzR8FfXBK3QHQA@mail.gmail.com>
 <CAEDdnaWUNpPxnwymdCj5hrOD=P01BmYO+xJD5JHTy98TRHaLuA@mail.gmail.com>
 <CAObuZduaythsvKtLj=vQtwZX9J_ZjQtywPES+K58-6YoK850zw@mail.gmail.com>
 <CAEDdnaX_hpKEv_ei-f7kWewyE3QB3d9Z=4qApqFhdBRSVFUtWw@mail.gmail.com>
 <7fb2d4d0-551e-97a0-72cd-1b6401881f97@fischer.name> <CAEDdnaUBv09R5MfD9X1LRhnmYz2qopdEWyrB3LfQncyrU3HtXw@mail.gmail.com>
 <CADqioP16NUbB91VE_8-_1NXi=1dCKvHDdjH3AkX0X_SaUxLYmg@mail.gmail.com> <CANaX5ndp6cLELV7vdG7TKsCW2ar1dFghKHU-CZ=icpUB+Q2T5A@mail.gmail.com>
Date: Fri, 1 Jul 2016 20:55:04 +0500
Message-ID: <CAEDdnaVi1E=SD2QdU=KxpAt9FP=bokTP29S+q_7huCnLaRxDww@mail.gmail.com>
To: Davey Shafik <davey@php.net>
Cc: Eugene Leonovich <gen.work@gmail.com>, PHP Internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary=001a1142e5489adb1105369502a1
Subject: Re: [PHP-DEV] New escaped output operator
From: michael.vostrikov@gmail.com (=?UTF-8?B?0JzQuNGF0LDQuNC7INCS0L7RgdGC0YDQuNC60L7Qsg==?=)

--001a1142e5489adb1105369502a1
Content-Type: text/plain; charset=UTF-8

> How will a new output operator help in this case?
> You still have to search for `<?=`, `<? echo`, `<? print` occurrences and
replace them with `<?~`.
> Saying that one can forget to add `<?= h()` can be applied to `<?~` as
well,
> you can miss `<? echo` somewhere in a template and get the same result at
the end

No. <?= (int)$some_id ?>, <? echo htmlspecialchars() ?> and others usually
are safe in current code.
But we need to write new code for new functionality in a project.
Let's say we've added new column in database, and added output of it in our
template.
It is very easy to write <div><?= $obj->new_text_column ?></div> for
testing purposes and then leave it as is.

The problem is that <?= h($something) ?> and <?= $something ?> both work
good, one is a subset of another. But the second variant is unsafe. We can
forget to write that main part.
But we cannot forget to write '=' in '<?=' or '~' in '<?~', because it will
not work. It just will not output anything and we can notice this.
Also we need to select what to write, they are mutualy exclusive. And we
have to write <?~ ?> almost everywhere, <?= ?> is needed only sometimes.


> It would be much more productive to get the RFC written and to provide
suggestions on improvements

Thanks. My wiki account is 'michael-vostrikov'.


2016-07-01 16:46 GMT+05:00 Davey Shafik <davey@php.net>:

> All,
>
> Anybody can write an RFC and call a vote whenever they want within the
> guidelines set forth for RFCs.
>
> It would be much more productive to get the RFC written and to provide
> suggestions on improvements (e.g. syntax choice, default options, ways to
> customize), rather battling against it. Or stay quite and vote no. Or do
> both.
>
> I am personally against this idea as it stands but maybe there is a middle
> ground and maybe some good can come of it. For example, autoloading
> functions.
>
> As a suggestion:
>
> Perhaps the ability to register a default stream filter for the default
> output buffer paired with file level declarations and/or context tagging
> within blocks is a possible solution. So something like:
>
> declare(strict_types=1; output_filter_args=['label' => [ENT_QUOTES |
> ENT_SUBSTITUTE]]);
>
> // must be constant scalar expression?
> // Would be passed in directly as is, the choice for an array with context
> aware keys/values is up to you
>
> register_output_filter(function($buffer, $label) { }, 'label'); // should
> have similar API to spl autoloading, with multiple callback stack
>
> <?label:="string"; ?>
>
> ----
>
> Something like this would start to solve some of the problems of context,
> default arguments, etc.
>
> I think functions to set the filter options might be better but using
> declare makes it easier to limit to current file scope and ensures
> consistent placement at top. Also I realize I said to use stream filters
> and I've used a closure here. Stream filters are complex due to the whole
> bucket brigade/continuous data stream thing, but have the advantage of
> being much more performant and resource friendly. Maybe allow both types?
> Simple callbacks for ease of use, stream filters for performance and
> complex stuffs.
>
> TL;DR: what's your account? Let's give RFC karma and vote it down if you
> don't want it.
>
>
> - Davey
>
>

--001a1142e5489adb1105369502a1--