Related to the general topic of injection attacks, I was considering
submitting a PR to change the default of PDO::ATTR_EMULATE_PREPARES to
FALSE, since this mistakenly can lead people to believe that using prepared
statements with PDO and MySQL protects against injection attacks. In fact,
this is
On Sat, 17 Jul 2021 at 4:05 pm, Marco Pivetta wrote:
> my belief is that this is not a runtime problem, but rather a type-level
> issue with tainted/untainted input/output.
>
Thank you for the feedback Marco,
As you appreciate, I don’t believe we can get every PHP developer to use
Static Analy
> Pol Dellaiera (https://github.com/drupol) has done a lot of work around
> this stuff, specifically the type inference bit, in
> https://github.com/loophp/combinator , so I see hope to get better types at
> a later stage.
I don't see a pipe combinator in there, but maybe I can't see it
through
On Sat, Jul 17, 2021, at 9:48 AM, Marco Pivetta wrote:
> Hey Larry,
>
> I just voted "NO" on this: it took me a long time to decide, because I've
> been vouching for pipe-alike operators myself for a while.
>
> The reason why I voted "no" is that this is feasible with a `pipe(callable
> $first, c
Hey Craig,
On Mon, Jul 5, 2021 at 8:15 PM Craig Francis
wrote:
> Hi Internals,
>
> I have opened voting on https://wiki.php.net/rfc/is_literal for the
> is-literal function.
>
> The vote closes 2021-07-19
>
> The proposal is to add the function is_literal(), a simple way to identify
> if a strin
I don't think the way it is going to be released is an elegant solution
On Sat, Jul 17, 2021, 2:47 PM Andreas Leathley wrote:
> On 16.07.21 09:06, Nikita Popov wrote:
> > We cannot make properties readonly by default, because that would be a
> > major backwards compatibility break.
> >
> > If you'
Hey Larry,
I just voted "NO" on this: it took me a long time to decide, because I've
been vouching for pipe-alike operators myself for a while.
The reason why I voted "no" is that this is feasible with a `pipe(callable
$first, callable ...$piped)` function, without having to add syntax/AST for
it
On 16.07.21 09:06, Nikita Popov wrote:
We cannot make properties readonly by default, because that would be a
major backwards compatibility break.
If you're going for brevity, something you can do is omit the visibility
specifier, as it is public by default. "readonly int $prop" works.
Would i
On Sat, 17 Jul 2021 at 08:59, Hans Henrik Bergan
wrote:
> i can tell from only that diff that, at least as of 5.5.1, woocommerce is
> not compatible with @@SQL_MODE=ANSI_QUOTES :p
Yep, and I did that years ago - I preferred to use single quotes for
strings in PHP (so variables stood out), and
> On Jul 17, 2021, at 1:40 AM, Eugene Sidelnyk wrote:
>
> > Having a "readonly" class where the properties are read-only by default
> > makes sense to me, but maybe the better way to do it is with an attribute?
>
> We already have such an attribute provided. It is called
> [`#[Immutable]`](htt
oh thanks, now the vulnerability is clear. (i would still complain on that
as a pull request though, using double quotes for strings is just a
horrible idea, it's not compliant with ISO sql, and it depends on the MySQL
server it's running on *not* having @@SQL_MODE=ANSI_QUOTES enabled which
changes