On Sun, May 15, 2016 at 10:46 PM, Nikita Popov <nikita....@gmail.com> wrote:
> Hi internals, > > The RFC > > https://wiki.php.net/rfc/forbid_dynamic_scope_introspection > > is now in voting. The vote closes on 2016-05-24 with a required majority > of 2/3. > > Nikita > Thanks to a comment on Reddit, I realized that the function list in the RFC is missing "assert() with a string argument" as a forbidden function. The reason is that assert() with a string is really just a different way of saying eval() -- so it will inherit the parent symbol table and may modify it. I missed this because the function was also missing from the opcache indirect var access list (remedied in [1]). I hope it's not a problem to add this case to the RFC even though it's already in voting. Nikita [1]: https://github.com/php/php-src/commit/b65b15c6f470cc3397ff7719d92cecc762c803e9
