Hi Ryan

I can see your argument. The reasoning behind it is that a function in the 
standard library should not encourage unsafe code. Admittedly, since this 
function is rarely used except for templating systems one could call this a 
non-issue. I just wanted to bring it up.

Regards


On 15 Sep 2017, 19:30 +0200, Ryan Pallas <derokor...@gmail.com>, wrote:
>
>
> > On Sep 15, 2017 11:22 AM, <ilija.tov...@me.com> wrote:
> > > Hi!
> > >
> > > The `extract` function takes an associative array and puts it into the 
> > > local symbol table.
> > > http://php.net/manual/en/function.extract.php
> > >
> > > ```
> > > $array = [
> > >     'foo' => 'foo',
> > >     'bar' => 'bar',
> > > ];
> > >
> > > extract($array);
> > >
> > > print $foo; // "foo"
> > > ```
> > >
> > > As a second parameter the `extract` function takes some options to make 
> > > this function less dangerous, like `EXTR_SKIP` that prevents an existing 
> > > local variable from being overwritten. There’s a few more options, go ahead 
> > > and take a look at the documentation. `EXTR_OVERWRITE` is the default one 
> > > though. You can also pass a prefix for the variable names as a third 
> > > argument.
> > >
> > > I seriously doubt the usefulness of this function, especially looking at 
> > > the potential risks. The fact that overwriting the local variables is the 
> > > default behaviour doesn’t make it any better. I suggest deprecating it in 
> > > PHP 7.3 and removing it in 8.
> > >
> > > In a whole Symfony-Stack (3.4) with all of its dependencies I could only 
> > > find two usages of this function, both of which could be easily rewritten 
> > > in vanilla PHP:
> > > https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Templating/PhpEngine.php#L148
> > > https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Templating/PhpEngine.php#L158
> > >
> > > Only downside: A polyfill is probably impossible since you cannot mutate 
> > > the local symbol table of the callee (as far as I’m aware).
> > >
> > > Any thoughts?
>
> I see no gain by removing this function. I've also seen it used for 
> templating quite often. Yes the functionality could be changed not to use 
> extract and end up working the same to the consumer but why make people 
> rewrite these things for no apparent gain (and likely a small performance 
> hit)?
>
> > >
> > > Regards
> > >
> > >
>
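
The overwrite behaviour discussed in this thread, shown as an added example that is not part of the original messages: the same array is extracted in the default mode, with `EXTR_SKIP`, and with `EXTR_PREFIX_ALL`. The function names, the allow-list and the sample array are hypothetical and constructed for illustration.

```php
<?php
// Constructed input: two keys collide with locals of the functions below.
$vars = ['title' => 'Hello', 'template' => 'other.php', 'allowed' => ['other.php']];

// Hypothetical allow-list check that the render functions rely on.
function check(string $template, array $allowed): string
{
    return in_array($template, $allowed, true) ? "render $template" : "reject $template";
}

// Default mode (EXTR_OVERWRITE): array keys replace same-named locals,
// so both $template and $allowed now come from the array.
function renderOverwrite(string $template, array $vars): string
{
    $allowed = ['home.php'];
    extract($vars);
    return check($template, $allowed);
}

// EXTR_SKIP: existing locals, including parameters, are left untouched.
// extract() returns the number of variables it actually imported.
function renderSkip(string $template, array $vars): string
{
    $allowed = ['home.php'];
    $imported = extract($vars, EXTR_SKIP);
    return check($template, $allowed) . " ($imported imported, title=$title)";
}

// EXTR_PREFIX_ALL with the third argument: every key becomes $v_<key>,
// so nothing from the array can share a name with an unprefixed local.
function renderPrefixed(string $template, array $vars): string
{
    $allowed = ['home.php'];
    extract($vars, EXTR_PREFIX_ALL, 'v');
    return check($template, $allowed) . " (title=$v_title)";
}

echo renderOverwrite('home.php', $vars), PHP_EOL;
echo renderSkip('home.php', $vars), PHP_EOL;
echo renderPrefixed('home.php', $vars), PHP_EOL;
```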
