On Mon, 14 Jun 2021 at 08:30, Dan Ackroyd <dan...@basereality.com> wrote:
> Hi Craig, Joe,
>
> While I think the idea behind this RFC is great, the current
> implementation is terrible, as it will cause some fatal errors in
> production.
>
>
I'm not sure it's productive to call the implementation terrible. With
Someniatko's suggestion of a literal-string type, that issue (like so many
others) could be caught by a type-checker:
/** @return literal-string */
function getColor(): string {
return $_GET["color"]; // this would trigger a typechecker error
}
In fact I think there's a solid case for adding support for literal-string
to type checkers like mine today — mainly to prevent patterns that might
later lead to SQL injection.
