Hi Christoph,

On Thu, Apr 30, 2015 at 9:27 AM, Christoph Becker <cmbecke...@gmx.de> wrote:
> > On Thu, Apr 30, 2015 at 8:24 AM, Stanislav Malyshev <smalys...@gmail.com>
> > wrote:
> >
> >> PHP types are not machine native types. But yes, it forces PHP type -
> >> that's why it is *type* check.
> >
> > Type hint is better to stay as "hint" under weak mode. IMO.
>
> "Type hints" have never been hints. The wording is a misnomer. Try to
> pass an int to a parameter declared as array, for instance.

I understand how it worked and how it will. "hint" sounds a little misleading.
Since we named it already, we may follow the semantics.

> >> You are saying type checking which produces fatal errors does not match
> >> your use case. OK, I can sympathize, but how introducing more
> >> pseudo-types helps? You just fix one narrow use case that you have right
> >> now while leaving the problem still in the same place. That's not a good
> >> way to address it.
> >
> > I'm not concerning myself, but I'm worrying about users to write
> > apps/libraries that can cause DoS easily. I don't want to see my apps
> > emit fatal error by upgrading library just because library author
> > decided to use type hint wrongly.
>
> A fatal error wouldn't constitute a DoS vulnerability, would it?

Attacker may inject huge ID value and/or they may simply access web sites to
reach 2 billion limit, for example.

> > BTW, GMP integer is already integrated into PHP why not treat GMP as int?
> > It's type "hint", isn't it?
>
> The basic idea of the STHs is to guarantee that the value is of the
> respective type inside the function (parameter type "hints") resp. the
> return value (return value type "hints") has the respective type.
>
> Accepting GMP for int just won't fit to this definition -- or it would
> lead to a potentially considerable data loss.

I mean accept GMP as PHP int in weak mode as it is, not converting C int.
Strictly speaking GMP has its type, but it can be used as "string integer"
now. i.e. $gmp_int_a + $gmp_int_b works just like $str_int_a + $str_int_b.

Regards,

--
Yasuo Ohgaki
yohg...@ohgaki.net
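
The failure mode debated in this thread, as an added example that is not part of the original message or of PHP's own code: in weak mode an ID string too large for a PHP int, passed to an `int` parameter, raises a `TypeError` (a fatal error when uncaught), while validating at the input boundary turns it into an ordinary rejection. It assumes PHP 7 or later; `find_user` and `parse_id` are hypothetical names and the sample inputs are constructed.

```php
<?php
declare(strict_types=0); // weak mode, the mode the thread is discussing

// Hypothetical library function that declares an int parameter.
function find_user(int $id): string
{
    return "user #$id";
}

// Hypothetical boundary check: accept only positive IDs that fit a PHP int
// on this build (PHP_INT_MAX is 2147483647 on 32-bit builds).
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs, as they would arrive from a query string.
// '2147483648' fits on 64-bit builds only, so its result depends on PHP_INT_SIZE.
$samples = ['42', '2147483648', '99999999999999999999'];

foreach ($samples as $raw) {
    // 1) Unvalidated: weak mode coerces integer strings that fit a PHP int;
    //    a value beyond PHP_INT_MAX is not coerced and a TypeError is thrown.
    try {
        echo "unchecked: ", find_user($raw), "\n";
    } catch (TypeError $e) {
        // Without this catch the request would end in a fatal error.
        echo "unchecked: TypeError for '$raw'\n";
    }

    // 2) Validated at the boundary: the oversized value is rejected before
    //    it reaches the typed function, so the caller can answer with a
    //    normal "bad request" response.
    $id = parse_id($raw);
    if ($id === null) {
        echo "checked:   rejected '$raw'\n";
    } else {
        echo "checked:   ", find_user($id), "\n";
    }
}
```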