On 04.08.2016 at 12:10, Yasuo Ohgaki wrote:
> Hi Christian and all,
> 
> On Thu, Aug 4, 2016 at 10:07 AM, Christian Stadler <sta...@gmx.de> wrote:
>> On 01.08.2016 at 10:23, Yasuo Ohgaki wrote:
>>> P.S. It's possible to return array that contains offending values. It
>>> is not included since users can store whole offending input array.
>>> Whole input is more useful for attack analysis.
>> Actually I wanted to suggest exactly that for ppl. who want to give
>> feedback to their users, what values failed to validate to the users.
>> Probably with a fourth optional param, like `$return_invalid = false`?
>> Of course logging is a different topic and should always use the whole
>> offending input array.
> I can set offending value to filter globals so that it can be
> retrieved later in catch block. I cannot return or modify referenced
> parameter because of raised exception.

Well, since some people have objections about raising exceptions here,
this should probably be either in a separate vote or additional options
in the main vote. Probably something, like:
Yes, either | Yes, without the exception | Yes, with the exception | No
Personally I would vote for 'Yes, either'. If I could, that is.

> I don't mind adding this feature. It requires an API like
> validate_get_offending_value(). (The name should be nicer)
> How many of us are interested in this feature?

Then this new function should have an offset param. With this I could
check, if the array has any offending values and then continue with the
rest ... mmh, now that I think of it, this isn't really necessary.

Uhm, well anyway: I'd suggest, that the ind(ex/ices) should be returned
rather, than the actual value names.

Regards,
  Christian Stadler


-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
