Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94830
Return-Path: <php-php-dev@m.gmane.org>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 1524 invoked from network); 4 Aug 2016 11:28:03 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 4 Aug 2016 11:28:03 -0000
Authentication-Results: pb1.pair.com header.from=stadli@gmx.de; sender-id=fail
Authentication-Results: pb1.pair.com smtp.mail=php-php-dev@m.gmane.org; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain m.gmane.org from 195.159.176.226 cause and error)
X-PHP-List-Original-Sender: php-php-dev@m.gmane.org
X-Host-Fingerprint: 195.159.176.226 unknown  
Received: from [195.159.176.226] ([195.159.176.226:54660] helo=blaine.gmane.org)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 0E/B6-53111-0C623A75 for <internals@lists.php.net>; Thu, 04 Aug 2016 07:28:02 -0400
Received: from list by blaine.gmane.org with local (Exim 4.84_2)
	(envelope-from <php-php-dev@m.gmane.org>)
	id 1bVGob-0001rw-Ca
	for internals@lists.php.net; Thu, 04 Aug 2016 13:27:53 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: internals@lists.php.net
Date: Thu, 4 Aug 2016 13:27:51 +0200
Lines: 36
Message-ID: <nnv8rf$24e$1@blaine.gmane.org>
References: <CAGa2bXa8Oj=xi6ZUKYFe5XXuhZvOL6JT=31QHoq8EG-9veGDBg@mail.gmail.com>
 <nnu4fj$cul$1@blaine.gmane.org>
 <CAGa2bXZrtf1jy_W4Dzs72mxs9kmXx5586jbagjHRop3uzcuFYA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.2.0
In-Reply-To: <CAGa2bXZrtf1jy_W4Dzs72mxs9kmXx5586jbagjHRop3uzcuFYA@mail.gmail.com>
Subject: Re: [PHP-DEV] Adding validate_var_array()/validate_input_array() to
 which version?
From: stadli@gmx.de (Christian Stadler)

Am 04.08.2016 um 12:10 schrieb Yasuo Ohgaki:
> Hi Christian and all,
> 
> On Thu, Aug 4, 2016 at 10:07 AM, Christian Stadler <stadli@gmx.de> wrote:
>> Am 01.08.2016 um 10:23 schrieb Yasuo Ohgaki:
>>> P.S. It's possible to return array that contains offending values. It
>>> is not included since users can store whole offending input array.
>>> Whole input is more useful for attack analysis.
>> Actually I wanted to suggest exactly that for ppl. who want to give
>> Feedback to their users, what values failed to validate to the users.
>> Probably with a fourth optional param, like `$return_invalid = false`?
>> Of course logging is a different topic and should always use the whole
>> offending input array.
> I can set offending value to filter globals so that it can be
> retrieved later in catch block. I cannot return or modify referenced
> parameter because of raised exception.

Well, since some people have objections about raising exceptions here,
this should probably be either in a seperate vote or additional options
in the main vote. Probably something, like:
Yes, either | Yes, without the exception | Yes, with the exception | No
Personally I would vote for 'Yes, either'. If I could, that is.

> I don't mind adding this feature. It requires an API like
> validate_get_offending_value(). (The name should be nicer)
> How many of us are interested in this feature?

Then this new function should have an offset param. With this I could
check, if the array has any offending values and then continue with the
rest ... mmh, now that I think of it, this isn't really necessary.

Uhm, well anyway: I'd suggest, that the ind(ex/ices) should be returned
rather, than the actual value names.

Regards,
  Christian Stadler