Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94899
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 76050 invoked from network); 7 Aug 2016 12:21:02 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Aug 2016 12:21:02 -0000
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.218.51 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.218.51 mail-oi0-f51.google.com  
Received: from [209.85.218.51] ([209.85.218.51:36804] helo=mail-oi0-f51.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6C/C1-33134-DA727A75 for <internals@lists.php.net>; Sun, 07 Aug 2016 08:21:02 -0400
Received: by mail-oi0-f51.google.com with SMTP id f189so142585017oig.3
        for <internals@lists.php.net>; Sun, 07 Aug 2016 05:21:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=lSFJOWEXvTU4ZlbSIGSnCd0qOD+juJLL+ongneVURlg=;
        b=Xt4zKGeofZCvTcExVSH+gbHhOQvQlC55jtccSzJ6AIaKi03B2aKCBvjHaAdZL8aJDg
         XtyxoaMLY0cP5JLjZnA1k24XprnnoL5jEoqI3vN+B5L902pkv4BN+lINCVykfE8/2L/O
         veDhj/YmfC57PpN3nLXAgRWiZpygSmv+3jsk1Po5PmklLZYZaOwP0+NNEWfo508rNHie
         fvpLNYY8o1E8fRwDzRMZkCB7J2DGSZ0tXhDdrCvyrtpPPElUXbbeyahpP2CvxuXSC+aY
         5z+ALPWDHoAxEsZIBixwNh2gywk/lcUVd4CJrtcARGlDWbiAyc0gctuLZXSApXd3cEJ6
         NiRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=lSFJOWEXvTU4ZlbSIGSnCd0qOD+juJLL+ongneVURlg=;
        b=b3mqKXErScqrJWhMcSE4f/NIPFkWNPhS2yNete36UNMedLBM4+rbe3aqDnen3Fk/VF
         T4kbQXu3W1Y3+mij6fzHZtbropf9SxLSjfoHuorPplOUUKF3gB5mjqZrkf54KqtctfbK
         nshg1j3g/P00kzLijGkuIUDEsIpLXI6kdJGy06SQN2OQnPpW2JBhSqWFX0clu99Jmojq
         Tpd8j907y83FnY0bt/9gv4iVEiEHDAP0TWtaxB//1a+xpLnouZX5Vu99W+8RdR00NNYF
         FKsAE3eW9nYC4c3utnz9SC6d9UCYtF0yaWRZ5zjDgk++fZRWfO3YaytYVONTb2L7W4AH
         8Cbw==
X-Gm-Message-State: AEkoouv29inx6C5Ca2G4z1sAj4fY0KWr8EcJRm8akKkNAwqjQHyuCVI0EpsSnIo6iCbbxbSlX3X29v1YbAjd5A==
X-Received: by 10.202.88.215 with SMTP id m206mr30142342oib.47.1470572458698;
 Sun, 07 Aug 2016 05:20:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.202.53.135 with HTTP; Sun, 7 Aug 2016 05:20:56 -0700 (PDT)
Received: by 10.202.53.135 with HTTP; Sun, 7 Aug 2016 05:20:56 -0700 (PDT)
In-Reply-To: <CAGa2bXZh1BP48oM+AHzB9Yb4r5+B+W8WDOU-KEsVe+N4KHza4g@mail.gmail.com>
References: <CAGa2bXa8Oj=xi6ZUKYFe5XXuhZvOL6JT=31QHoq8EG-9veGDBg@mail.gmail.com>
 <nnu4fj$cul$1@blaine.gmane.org> <CAGa2bXZrtf1jy_W4Dzs72mxs9kmXx5586jbagjHRop3uzcuFYA@mail.gmail.com>
 <nnv8rf$24e$1@blaine.gmane.org> <CAGa2bXZh1BP48oM+AHzB9Yb4r5+B+W8WDOU-KEsVe+N4KHza4g@mail.gmail.com>
Date: Sun, 7 Aug 2016 19:20:56 +0700
Message-ID: <CAEZPtU5UAc7d++kjPa3YFUN6w=p=73tyHrG8WGLfsJXXMWg2Gw@mail.gmail.com>
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
Cc: PHP internals <internals@lists.php.net>, Christian Stadler <stadli@gmx.de>
Content-Type: multipart/alternative; boundary=001a113d31c204744105397a5518
Subject: Re: [PHP-DEV] Adding validate_var_array()/validate_input_array() to
 which version?
From: pierre.php@gmail.com (Pierre Joye)

--001a113d31c204744105397a5518
Content-Type: text/plain; charset=UTF-8

On Aug 5, 2016 2:30 AM, "Yasuo Ohgaki" <yohgaki@ohgaki.net> wrote:
>
> Hi Christian,
>
> On Thu, Aug 4, 2016 at 8:27 PM, Christian Stadler <stadli@gmx.de> wrote:
> > Am 04.08.2016 um 12:10 schrieb Yasuo Ohgaki:
> >> Hi Christian and all,
> >>
> >> On Thu, Aug 4, 2016 at 10:07 AM, Christian Stadler <stadli@gmx.de>
wrote:
> >>> Am 01.08.2016 um 10:23 schrieb Yasuo Ohgaki:
> >>>> P.S. It's possible to return array that contains offending values. It
> >>>> is not included since users can store whole offending input array.
> >>>> Whole input is more useful for attack analysis.
> >>> Actually I wanted to suggest exactly that for ppl. who want to give
> >>> Feedback to their users, what values failed to validate to the users.
> >>> Probably with a fourth optional param, like `$return_invalid = false`?
> >>> Of course logging is a different topic and should always use the whole
> >>> offending input array.
> >> I can set offending value to filter globals so that it can be
> >> retrieved later in catch block. I cannot return or modify referenced
> >> parameter because of raised exception.
> >
> > Well, since some people have objections about raising exceptions here,
> > this should probably be either in a seperate vote or additional options
> > in the main vote. Probably something, like:
> > Yes, either | Yes, without the exception | Yes, with the exception | No
> > Personally I would vote for 'Yes, either'. If I could, that is.
>
> One of my objective is following best practices.
> Prefer exception over error is one of them. Although, I strongly suggest
> to use exception for validation errors, I will have choices.

I see them as conditions flow not errors per se but flow.

Invalid options could raise exceptions but it brings inconcistencies with
the other filter functions.

I feel like this rfc needs more discussions and maybe we will add more
things to filter as well.

But anything proposed is already possible very easily in userland. I would
not rush it into 7.1.

--001a113d31c204744105397a5518--