Re: [PHP-DEV] [RFC] RNG fixes

Hi! > Why do we need so many functions to get a random int anyways if we now > have random_int()? I would like to see all of them deprecated and > removed in PHP 8.0. I don't understand this drive to remove functions and break existing code. What is the point of it? If you don't like them, don't

Re: [PHP-DEV] New escaped output operator

> So, not needed in all 3 cases then... So, we can still use > Imagine that urlencode does not encode quotes - what function should we >> call for its result? > Ideally, an escape filter that performs both functions; if the aim is to make things easier No. The second function really depends on cont

[PHP-DEV] Re: Enable Zend Signals by Default

On Mon, Jun 20, 2016 at 1:25 PM, Dmitry Stogov wrote: So, I propose to switch zend-signals on, and revert back if it makes problems to 7.1 release process. Any objections? No objections here. I have been hitting annoying segfaults in 7.0 that will likely be helped by this. -Rasmus

Re: [PHP-DEV] New escaped output operator

Hi! > As mentioned a few times in this thread, htmlspecialchars(, not more, not less. And that is exactly the problem. Inventing operators to alias one invocation of one function with one specific set of parameters is not a good idea, unless there is a *VERY* good reason to do it. And the case f

Re: [PHP-DEV] New escaped output operator

Of course you can make the discussion endless by mentioning escaping of all kinds of third party frameworks like jQuery, but that's a bit off-topic here. As mentioned a few times in this thread, ... when I click reply :) Rowan Collins wrote on 21.06.2016 00:00: > On 20 June 2016 17:40:05 GMT+0

Re: [PHP-DEV] [RFC] Throw Exception on Attempt of Constant Redefinition

On 20 June 2016 21:42:43 GMT+01:00, Dmitry Stogov wrote: >The RFC was updated to propose this change only for PHP 8.0, and >thereby, vote is delayed for uncertain time. Why can't we have a vote now, committing to a change in 8.0? Doing so would have two advantages: - Users have extra advantage w

Re: [PHP-DEV] New escaped output operator

On 20 June 2016 17:40:05 GMT+01:00, "Михаил Востриков" wrote: >Actually, htmlspecialchars() is needed in all three cases: ... >You may not write htmlspecialchars together with urlencode just because >urlencode encodes all special characters with its own way. So, not needed in all 3 cases then...

Re: [PHP-DEV] [RFC] Throw Exception on Attempt of Constant Redefinition

The RFC was updated to propose this change only for PHP 8.0, and thereby, vote is delayed for uncertain time. I think, changing "Notice: Constant %s already defined" into "Deprecated: ..." in 7.1 doesn't make a lot of sense. Thanks. Dmitry. From: Pierre Joye

[PHP-DEV] Enable Zend Signals by Default

Hi, I'm going to enable Zend-Signals subsystem by default. With "Zend signals" enabled, we would have safe termination signal handling in opcache, that would prevent staying SHM in inconsistent state, in cost of few additional checks on each opcache SHM update (performance impact is negligible

Re: [PHP-DEV] New escaped output operator

On 20.06.2016 at 19:19, Rasmus Schultz wrote: >> [1] > > beauty! when can we have that?? :-) Maybe never, but at least somebody would have to pursue the RFC. See also the related discussion from 2013, starting with

Re: [PHP-DEV] New escaped output operator

> [1] beauty! when can we have that?? :-) -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] New escaped output operator

A "filter" is just a function - the difference is just global state indicating the current "default" function, which I think is a very bad idea. Just alias function calls as closures: $html = function ($str) { return htmlspecialchars($str); }; // "default filter" $attr = function ($str) { ... } /

Re: [PHP-DEV] New escaped output operator

On 18.06.2016 at 17:44, Rasmus Schultz wrote: >> Add a couple parens and its completely implementable in userland > > If we could autoload functions, I bet that's what everyone would be doing. FWIW, there is an respective RFC draft[1] "lying around". See also . [1]

Re: [PHP-DEV] New escaped output operator

On 20/06/16 16:51, Rasmus Schultz wrote: > If you're curious: https://github.com/mindplay-dk/kisstpl https://github.com/bitweaver ... couple of thousand templates with my personal extensions ... which I would not even consider rewriting and time soon. Moving from Smarty2 to 3 was bad enough ... an

Re: [PHP-DEV] New escaped output operator

Davey > - https://marc.info/?t=14585132381&r=1&w=2 — automatic template escaping > - https://marc.info/?t=13508266062&r=1&w=2 — this one even proposed the same syntax! > - https://marc.info/?t=14422554601&r=1&w=2 — tainted variables also "solves" this problem These discussions and arg

Re: [PHP-DEV] New escaped output operator

2016-06-20 17:51 GMT+02:00 Rasmus Schultz : > > My PHP is augmented with Smarty so I know which are template files and > > which are program code :) > > I name my template files "*.view.php", so I know which is which. > > I also head off every file with /** @var MyViewModel $view */ for IDE > supp

Re: [PHP-DEV] New escaped output operator

On 06/20/2016 10:24 AM, Rasmus Schultz wrote: There are three different escape mechanism needed there; if there is a shorthand for one, do you think it will be more likely or less that people will get the other two right? I have to agree with that - assigning special syntax to one kind of

Re: [PHP-DEV] New escaped output operator

> My PHP is augmented with Smarty so I know which are template files and > which are program code :) I name my template files "*.view.php", so I know which is which. I also head off every file with /** @var MyViewModel $view */ for IDE support and inspections with CS/MD/phan, etc. If you're curi

Re: [PHP-DEV] New escaped output operator

On 20/06/16 16:24, Rasmus Schultz wrote: > (and please, nobody say "use a template engine" - I *am* using a > template engine, it's called PHP!) My PHP is augmented with Smarty so I know which are template files and which are program code :) -- Lester Caine - G8HFL - C

Re: [PHP-DEV] New escaped output operator

> > > > > > > There are three different escape mechanism needed there; if there is a > shorthand for one, do you think it will be more likely or less that people > will get the other two right? I have to agree with that - assigning special syntax to one kind of escape-function gives that func

Re: [PHP-DEV] New escaped output operator

to make it more clear: is a shortcut for: Using 2016-06-20 11:12 GMT+02:00 Lester Caine : > >> On 20/06/16 07:00, Niklas Keller wrote: >> >> Now ... I want to add content that includes >> >> > it needs to be in the format >> >> >