Hi! > "int" Cast is bad. Incorrect "int" type hint worse as it could trigger DoS.
I do not see any potential for DoS here. Trying to assign security implications so it looks like disagreeing with you jeopardizes security is not a good idea. If your code accepts non-numeric data and puts it to functions that except integers without validation, it is bad code and "numeric" hint would not help here, as unvalidated data can contain anything. If unexpected input causes denial of service in your code, it is a code architecture problem, which should not be solved by adding stuff to PHP. > It's not all, but the main issue here is 32 bit CPU & PHP int is too > small for > database record IDs. Correct way to go there is treating these IDs as strings or objects and having code that handles them properly. If they do not fit PHP int, they should not be used with functions that expect int. > To maximize compatibility, arbitrarily size of int/float like > string/value should be > accepted as numeric(or int/float). No, it should not be, since they are neither int nor float. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
