On Mon, 19 Jul 2021 at 19:59, Craig Francis <cr...@craigfrancis.co.uk>
wrote:

> On Mon, 5 Jul 2021 at 19:14, Craig Francis <cr...@craigfrancis.co.uk>
> wrote:
>
>> I have opened voting on https://wiki.php.net/rfc/is_literal for the
>> is-literal function.
>>
>
> This RFC has been rejected; with 10 votes in favour, and 23 against.
> [...]
> And thank you to Matthew Brown for adding the 'literal-string' type to
> Psalm:
> https://github.com/vimeo/psalm/releases/tag/4.8.0
>



FYI: The 'literal-string' type has now been added to PHPStan, thanks
to Ondřej Mirtes:

https://github.com/phpstan/phpstan/releases/tag/0.12.97

Obviously I'd still like libraries to be able to protect everyone from
introducing Injection Vulnerabilities (as the majority of programmers don't
use static analysis), but that's for another day.

Craig
