Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:94905
Return-Path: <yohgaki@ohgaki.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 6777 invoked from network); 7 Aug 2016 22:20:58 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Aug 2016 22:20:58 -0000
Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender)
X-PHP-List-Original-Sender: yohgaki@ohgaki.net
X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp  
Received: from [180.42.98.130] ([180.42.98.130:44533] helo=es-i.jp)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F8/55-33134-744B7A75 for <internals@lists.php.net>; Sun, 07 Aug 2016 18:20:58 -0400
Received: (qmail 41887 invoked by uid 89); 7 Aug 2016 22:20:52 -0000
Received: from unknown (HELO mail-qk0-f182.google.com) (yohgaki@ohgaki.net@209.85.220.182)
  by 0 with ESMTPA; 7 Aug 2016 22:20:52 -0000
Received: by mail-qk0-f182.google.com with SMTP id v123so174655975qkh.3
        for <internals@lists.php.net>; Sun, 07 Aug 2016 15:20:51 -0700 (PDT)
X-Gm-Message-State: AEkoouulK8n/l0CGccIzg1QCm22F6xIJW4uECP6Lf+uLWaGqI0a8Oxu/ZLzzDwCZ2Yr7WzoiHLABSwRpTu/dbw==
X-Received: by 10.55.76.17 with SMTP id z17mr9601601qka.96.1470608445146; Sun,
 07 Aug 2016 15:20:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.85.242 with HTTP; Sun, 7 Aug 2016 15:20:04 -0700 (PDT)
In-Reply-To: <CAEZPtU5UAc7d++kjPa3YFUN6w=p=73tyHrG8WGLfsJXXMWg2Gw@mail.gmail.com>
References: <CAGa2bXa8Oj=xi6ZUKYFe5XXuhZvOL6JT=31QHoq8EG-9veGDBg@mail.gmail.com>
 <nnu4fj$cul$1@blaine.gmane.org> <CAGa2bXZrtf1jy_W4Dzs72mxs9kmXx5586jbagjHRop3uzcuFYA@mail.gmail.com>
 <nnv8rf$24e$1@blaine.gmane.org> <CAGa2bXZh1BP48oM+AHzB9Yb4r5+B+W8WDOU-KEsVe+N4KHza4g@mail.gmail.com>
 <CAEZPtU5UAc7d++kjPa3YFUN6w=p=73tyHrG8WGLfsJXXMWg2Gw@mail.gmail.com>
Date: Mon, 8 Aug 2016 07:20:04 +0900
X-Gmail-Original-Message-ID: <CAGa2bXaGQrYFsiULwBA3mMLH-61LuLSwwu9KZiqy799a4VwJjA@mail.gmail.com>
Message-ID: <CAGa2bXaGQrYFsiULwBA3mMLH-61LuLSwwu9KZiqy799a4VwJjA@mail.gmail.com>
To: Pierre Joye <pierre.php@gmail.com>
Cc: PHP internals <internals@lists.php.net>, Christian Stadler <stadli@gmx.de>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Adding validate_var_array()/validate_input_array() to
 which version?
From: yohgaki@ohgaki.net (Yasuo Ohgaki)

Hi Pierre, Niklas

On Sun, Aug 7, 2016 at 9:20 PM, Pierre Joye <pierre.php@gmail.com> wrote:
> I would not rush it into 7.1.
On Mon, Aug 8, 2016 at 12:20 AM, Niklas Keller <me@kelunik.com> wrote:
> Isn't it a bit late to target 7.1 anyway?

I feel the same way indeed. However, it does not change existing
feature at all, but this is a pure addition. It's one of the largest
mandatory piece that PHP is missing. It's good for 7.1.0, IMO.
(Another largest piece is escaping API for basic needs. e.g.
we don't even have JavaScript string escape API.)

I made choices for targeted version,  7.1.0 or 7.2.0

https://wiki.php.net/rfc/add_validate_functions_to_filter

If this RFC is passed for 7.2.0, then we can adjust the feature until
its release.


> But anything proposed is already possible very easily in userland.

This part is debatable. To implement feature that provides
filter_require_*() and validation filter behavior with them, users
have to write many lines of code. Some features are hard to implement
in user code such as INT/OCTAL/HEX overflow detection.


> I see them as conditions flow not errors per se but flow.
> Invalid options could raise exceptions but it brings inconsistencies with the other filter functions.

I really think we should have Exception handling standard in
CODING_STANDARD, too.
This issue could be handled by PHP 8.0 or PHP 7.2.

> I feel like this rfc needs more discussions and maybe we will add more things to filter as well.

Validation filters with new functions are made to work conservative
way. So it would not be a issue relaxing them later.

Use of exception is issue. IMO, it would be more useful if there is
filter validation exception object that has more details in it. i.e.
Offensive input key, data, filter name and filter options, remove
filter_get_invalid_key(). I may add the new exception,
FilterValidateException. (I choose "Validate" here, since most
exceptions will be raised by validation filters)

In fact, I don't like the way exception works currently. I'll add
mentioned FilterValidateException before vote. Does this make you feel
better?

I feel the feature is fully implemented if I add FilterValidateException.

Regards,

P.S. There is conflicting pressures on RFC. I need to minimize changes
so that reviewer can understand the RFC easily, but I would like to
implement feature fully. Some changes cannot add/work well
individually. This exception issue is one of them, another is
https://wiki.php.net/rfc/precise_session_management  It includes
mandatory feature for proper/secure session management and implements
all possible features that would be required. Yet, it is declined :(

--
Yasuo Ohgaki
yohgaki@ohgaki.net