Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94904 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 4426 invoked from network); 7 Aug 2016 21:46:25 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 7 Aug 2016 21:46:25 -0000 Authentication-Results: pb1.pair.com smtp.mail=me@daveyshafik.com; spf=permerror; sender-id=unknown Authentication-Results: pb1.pair.com header.from=me@daveyshafik.com; sender-id=unknown Received-SPF: error (pb1.pair.com: domain daveyshafik.com from 209.85.216.169 cause and error) X-PHP-List-Original-Sender: me@daveyshafik.com X-Host-Fingerprint: 209.85.216.169 mail-qt0-f169.google.com Received: from [209.85.216.169] ([209.85.216.169:36122] helo=mail-qt0-f169.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id F3/F4-33134-03CA7A75 for ; Sun, 07 Aug 2016 17:46:24 -0400 Received: by mail-qt0-f169.google.com with SMTP id 52so196206625qtq.3 for ; Sun, 07 Aug 2016 14:46:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=daveyshafik-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=luuE1hbD/9rgd5wOTdMwQzLsS2Wy2Jy0mtFnvDsRAAQ=; b=JG4bWg717XOdi3PDgMr8gc1QXiLNLzz8IuwouS7uEpx8qz6aEhjQWBCGfQegs63H1d Df2GHBCc4FupbtqaTaFj+Y4icx8YzKG4tNr+NTCzSWJwB56WZqRymhWtTJc8uZZvNa1C M7OCELmbVuiFXghoz58SJN37PaeH6oHM45yDRtv1ixPJRtz7luP/jM55rlLngHjPTG/A OvMfQoWWe5vAjjkxkmQ94PkSpO2IUrsw90Yq5Z1o2docKx//N4FeSNBKBJ3jgfuko91Z stHNGnHs+Rzw69TiLrPF+Olv3arWH70ufQSZJ9yxBUzV/nnn6b6fTzxgxBZJ6VP66cE5 Rf5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=luuE1hbD/9rgd5wOTdMwQzLsS2Wy2Jy0mtFnvDsRAAQ=; b=PbZJ25WTa7FDF81ohR41Wt5KJZAzbifqtBs4o6KfKgp8CCI96qLkgS64Y6VBTVyz3n xXwSVT+JMfB4rujZFNmbeSse1cCwxaSaSf4sTF1wHTOK3M39rftZuzrNR1u+gGuOocOA hMVE7dLR9vwfrjGKo5O/62RYi0QGsqvSl85QkrA9k51IPhTdysNYKb+RCsiN9LaMDGEj cBbbcoWIf5EqSnb3Q7gwED2an7eQtb4w91Yg9rJy172/SC76NS/qYfaRCUKoTI0hm14a by6ubhOKEAVP/CqxBkLdEFUnLKjsLWFyNFkHY1KBQ+O7Y0rL/sNUdBAWA+yU4Fz7TgZk nLOg== X-Gm-Message-State: AEkoousFSbwQI7kVV13D3kt2oWlDclBYXLRHZ1OWLp+8yNtFSXxteSWrcqYTy+fWrNCT10Fh9IWemXy9hF0txFQG X-Received: by 10.200.52.182 with SMTP id w51mr25061172qtb.90.1470606381919; Sun, 07 Aug 2016 14:46:21 -0700 (PDT) MIME-Version: 1.0 Sender: me@daveyshafik.com Received: by 10.237.55.138 with HTTP; Sun, 7 Aug 2016 14:46:21 -0700 (PDT) In-Reply-To: References: Date: Sun, 7 Aug 2016 14:46:21 -0700 X-Google-Sender-Auth: rWJIXJuf2GMb9WaVCtTZuyjtkGM Message-ID: To: Niklas Keller Cc: Pierre Joye , Yasuo Ohgaki , PHP internals , Christian Stadler Content-Type: multipart/alternative; boundary=001a11350a52ffc73a0539823a2e Subject: Re: [PHP-DEV] Adding validate_var_array()/validate_input_array() to which version? From: davey@php.net (Davey Shafik) --001a11350a52ffc73a0539823a2e Content-Type: text/plain; charset=UTF-8 On Sun, Aug 7, 2016 at 8:20 AM, Niklas Keller wrote: > 2016-08-07 14:20 GMT+02:00 Pierre Joye : > > > On Aug 5, 2016 2:30 AM, "Yasuo Ohgaki" wrote: > > > > > > Hi Christian, > > > > > > On Thu, Aug 4, 2016 at 8:27 PM, Christian Stadler > wrote: > > > > Am 04.08.2016 um 12:10 schrieb Yasuo Ohgaki: > > > >> Hi Christian and all, > > > >> > > > >> On Thu, Aug 4, 2016 at 10:07 AM, Christian Stadler > > wrote: > > > >>> Am 01.08.2016 um 10:23 schrieb Yasuo Ohgaki: > > > >>>> P.S. It's possible to return array that contains offending values. > > It > > > >>>> is not included since users can store whole offending input array. > > > >>>> Whole input is more useful for attack analysis. > > > >>> Actually I wanted to suggest exactly that for ppl. who want to give > > > >>> Feedback to their users, what values failed to validate to the > users. > > > >>> Probably with a fourth optional param, like `$return_invalid = > > false`? > > > >>> Of course logging is a different topic and should always use the > > whole > > > >>> offending input array. > > > >> I can set offending value to filter globals so that it can be > > > >> retrieved later in catch block. I cannot return or modify referenced > > > >> parameter because of raised exception. > > > > > > > > Well, since some people have objections about raising exceptions > here, > > > > this should probably be either in a seperate vote or additional > options > > > > in the main vote. Probably something, like: > > > > Yes, either | Yes, without the exception | Yes, with the exception | > No > > > > Personally I would vote for 'Yes, either'. If I could, that is. > > > > > > One of my objective is following best practices. > > > Prefer exception over error is one of them. Although, I strongly > suggest > > > to use exception for validation errors, I will have choices. > > > > I see them as conditions flow not errors per se but flow. > > > > Invalid options could raise exceptions but it brings inconcistencies with > > the other filter functions. > > > > I feel like this rfc needs more discussions and maybe we will add more > > things to filter as well. > > > > But anything proposed is already possible very easily in userland. I > would > > not rush it into 7.1. > > > > Isn't it a bit late to target 7.1 anyway? > Yes, it is much too late for 7.1, this will have to be targeted towards 7.2+ - Davey --001a11350a52ffc73a0539823a2e--