Hi Christian and all, On Thu, Aug 4, 2016 at 10:07 AM, Christian Stadler <sta...@gmx.de> wrote: > Am 01.08.2016 um 10:23 schrieb Yasuo Ohgaki: >> P.S. It's possible to return array that contains offending values. It >> is not included since users can store whole offending input array. >> Whole input is more useful for attack analysis. > > Actually I wanted to suggest exactly that for ppl. who want to give > Feedback to their users, what values failed to validate to the users. > Probably with a fourth optional param, like `$return_invalid = false`? > Of course logging is a different topic and should always use the whole > offending input array.
I can set offending value to filter globals so that it can be retrieved later in catch block. I cannot return or modify referenced parameter because of raised exception. I don't mind adding this feature. It requires an API like validate_get_offending_value(). (The name should be nicer) How many of us are interested in this feature? Thank you for feedback! -- Yasuo Ohgaki yohg...@ohgaki.net -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
