Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96606 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 87917 invoked from network); 24 Oct 2016 20:40:00 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 24 Oct 2016 20:40:00 -0000 Authentication-Results: pb1.pair.com smtp.mail=yohgaki@ohgaki.net; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=yohgaki@ohgaki.net; sender-id=pass Received-SPF: pass (pb1.pair.com: domain ohgaki.net designates 180.42.98.130 as permitted sender) X-PHP-List-Original-Sender: yohgaki@ohgaki.net X-Host-Fingerprint: 180.42.98.130 ns1.es-i.jp Received: from [180.42.98.130] ([180.42.98.130:50757] helo=es-i.jp) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id B7/C0-17723-E917E085 for ; Mon, 24 Oct 2016 16:39:59 -0400 Received: (qmail 61108 invoked by uid 89); 24 Oct 2016 20:39:54 -0000 Received: from unknown (HELO mail-qk0-f172.google.com) (yohgaki@ohgaki.net@209.85.220.172) by 0 with ESMTPA; 24 Oct 2016 20:39:54 -0000 Received: by mail-qk0-f172.google.com with SMTP id i34so7873461qkh.6 for ; Mon, 24 Oct 2016 13:39:52 -0700 (PDT) X-Gm-Message-State: ABUngvfcZaQ+vzhPXkeWREKghltrpEbHzGDWNqH8v93lT4FXrqQ7A3G4Y3HQDeNSf2YZ/BfzRkIQw1JU+hW5XA== X-Received: by 10.55.177.5 with SMTP id a5mr15941049qkf.153.1477341586450; Mon, 24 Oct 2016 13:39:46 -0700 (PDT) MIME-Version: 1.0 Received: by 10.140.22.38 with HTTP; Mon, 24 Oct 2016 13:39:05 -0700 (PDT) In-Reply-To: <5411747E-8AD8-441D-AFBA-0B80A7F550A1@koalephant.com> References: <1eab7492-596c-ffd2-81ed-0eb9256a033e@gmail.com> <0B722A15-A29F-498B-987F-F6BA5AA49EEF@bobs-bits.com> <59D6B40B-DC64-43A3-AED4-CD5C9C15B6BA@koalephant.com> <72B2986D-3C05-4929-9BDD-1A911FC9E793@koalephant.com> <5411747E-8AD8-441D-AFBA-0B80A7F550A1@koalephant.com> Date: Tue, 25 Oct 2016 05:39:05 +0900 X-Gmail-Original-Message-ID: Message-ID: To: Stephen Reay Cc: Niklas Keller , Stanislav Malyshev , "internals@lists.php.net" , Davey Shafik , Xinchen Hui Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] header() removes all header of the same name. From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi all, I didn't answer this question and would like to make my point of view clear. On Thu, Oct 20, 2016 at 9:41 PM, Stephen Reay wrote: > Why is your concern so focussed on solving problems for inexperienced developers, who are effectively using functions incorrectly, at the expense of experienced developers who are doing the right thing? The reason why I'm focusing on problems for inexperienced developers is productivity with PHP. IMHO, it is better to remove gocha whenever it is possible. It's okay to read manual and search net to solve "obvious problem in code". However, if 10K developers spend 10 hours to solve a problem, 100K hours of productivity with PHP is lost. The change may have small impact, but small things add up. As long as there is reasonable alternative way to implement advanced behaviors and small impact on existing codes, it is better to provide easy and safe default behaviors. Making PHP easy to use and a productive language worths in the long run. This is the reason why some of my proposals are focusing on making PHP easy to use and safe to use by default. e.g. Provide correct and safe session management by default, prevent insane session usage and raise errors for them, add DbC support, make uniqid more unique, consistent function names, disallow script inclusion attacks, keep/improve URL rewriter rather than depreciating it (URL rewriter is _very_ useful to keep private site private, i.e. Disallow all cross site requests, therefore disallow CSRF, XSS completely. PHP 7.1 has dedicated output buffer and setting for user URL rewrite. It's easier and safer to use with PHP 7.1), etc. PHP is popular because it is easy to use and productive. Let's keep this and improve! Other languages/platforms are catching up. Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net