Re: [PHP-DEV] [RFC] is_literal

Hi Craig, > On Jun 12, 2021, at 1:00 PM, Craig Francis wrote: > > Hi Internals, > > I'd like to start the discussion on the is_literal() RFC: > > https://wiki.php.net/rfc/is_literal Nice! There is an awful lot to like here. And few bits of concern. What's to like? --- 1. A

Re: [PHP-DEV] [RFC] is_literal

On 2021-06-12 22:21, Craig Francis wrote: On Sat, 12 Jun 2021 at 19:59, Lauri Kenttä wrote: Hi, I wrote the untaint() / make_literal() function, just in case. implode("", array_map(fn($c) => $chars[ord($c)], str_split($s, 1))) https://3v4l.org/EaN9Z#focus=rfc.literals Sorry and bye. Ye

Re: [PHP-DEV] [RFC] is_literal

On Sat, 12 Jun 2021 at 19:59, Lauri Kenttä wrote: > Hi, > > I wrote the untaint() / make_literal() function, just in case. > > implode("", array_map(fn($c) => $chars[ord($c)], str_split($s, 1))) > > https://3v4l.org/EaN9Z#focus=rfc.literals > > Sorry and bye. > > Yes, I have a similar example in

Re: [PHP-DEV] [RFC] is_literal

Hi, I wrote the untaint() / make_literal() function, just in case. implode("", array_map(fn($c) => $chars[ord($c)], str_split($s, 1))) https://3v4l.org/EaN9Z#focus=rfc.literals Sorry and bye. -- Lauri Kenttä -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: https

Re: [PHP-DEV] [RFC] is_literal

Afternoon all, While this is not at all my idea, I wrote the patch, so my words may seem bias/hollow. Still, here are some words ... In the past this kind of feature would have been extremely invasive, it would have had so many edges because of the way we handled strings that it was never really

[PHP-DEV] [RFC] is_literal

Hi Internals, I'd like to start the discussion on the is_literal() RFC: https://wiki.php.net/rfc/is_literal is_literal() brings a proven way to identify Injection Vulnerabilities to PHP, already used by Google in their Java and Go projects, and is currently being added to JavaScript. It's a ligh

Re: [PHP-DEV] Re: RFC: CachedIterable (rewindable, allows any key&repeating keys)

Hi internals, > > > So I'm probably changing this to `ImmutableTraversable` as a short name > > > for the functionality, > > > to make it clear arguments are eagerly evaluated when it is created. > > > (ImmutableSequence may be expected to only contain values, and would be > > > confused with th

Re: [PHP-DEV] Re: [RFC] Under Discussion: Add Random class and RandomNumberGenerator interface

Sorry, I'm late to reply. > How much more "costly" would it be to define a class (implementing RandomNumberGenerator) and use its (full) name as the algo identifier? If the Random class always accepts an instance of the RandomNumberGenerator, it will be necessary to provide a class that implement