Hi Tim On 10/14/23 14:42, Tim Düsterhus wrote: > Hi > > On 10/14/23 13:54, Niels Dossche wrote: >>> (a) Call ucfirst(), but not strtoupper() >>> (b) Call both >> >> You can call both, it's additive. >> > > Okay, for your suggestion (1) the following would work then? > > // Register all native PHP functions. > $xpath->registerPHPFunctions(null); > > // Register additional callables. > $xpath->registerPHPFunctions([ > 'staticMethod' => ClassWith::staticMethod(...), > 'classWithMagicInvoke' => new ClassWithMagicInvoke(), > ]);
Yes this would work. > > I would not find that usage to be too unreasonable. Especially since > allow-listing *all* of PHP's global functions would be pretty questionable > (looking at eval() and all functions with side-effects). That's a fair argument, allowlisting all would indeed be not very defensive programming. Thanks for your input. > > Best regards > Tim Düsterhus Cheers Niels -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https://www.php.net/unsub.php
