Hi Yasuo, Am 16.03.2015 um 07:22 schrieb Yasuo Ohgaki: > Caller _must_ satisfy callee requirements. This is simple principle to > write a secure code. > > With this RFC, caller overrides security related setting. This means > scripts > that are prepared for type safety is "ignored" and it leads security breach.
that is simply not true! The callee always gets the type it expects. There is no security problem involved here. The only difference is if type conversion rules apply or if an error is raised for a type mismatch. You clearly dislike the RFC (you voted no), that is OK, but don't scream of "security" bugs that don't exist. If they would exist, all type hint RFCs would have them in general. Greets, Dennis -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
