rfc:on_demand_name_mangling
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
rfc:on_demand_name_mangling [2016/01/08 15:17] – Fixed incorrect example. bishop | rfc:on_demand_name_mangling [2019/07/16 12:25] (current) – Settled on formal polyfill name, php_mangle_superglobal bishop | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== PHP RFC: On-demand Name Mangling ====== | ====== PHP RFC: On-demand Name Mangling ====== | ||
- | * Version: 1.2b | + | * Version: 1.4 |
* Created Date: 2016-01-01 | * Created Date: 2016-01-01 | ||
- | * Updated Date: 2016-01-08 | + | * Updated Date: 2019-07-16 |
- | * Author: Bishop Bettini, bishop@php.net | + | * Author: Bishop Bettini |
* Status: Under Discussion | * Status: Under Discussion | ||
- | * First Published at: http:// | + | * First Published at: http:// |
===== Introduction ===== | ===== Introduction ===== | ||
Line 62: | Line 62: | ||
<?php | <?php | ||
print_r(get_defined_vars()); | print_r(get_defined_vars()); | ||
- | mangle_superglobals(); | + | php_mangle_superglobals(); |
print_r(get_defined_vars()); | print_r(get_defined_vars()); | ||
?> | ?> | ||
Line 81: | Line 81: | ||
[_GET] => Array | [_GET] => Array | ||
( | ( | ||
- | [a.b] => dot | ||
[a_b] => bracket | [a_b] => bracket | ||
[a$b] => dollar | [a$b] => dollar | ||
- | [a b] => space | ||
- | [a[b] => bracket | ||
) | ) | ||
) | ) | ||
</ | </ | ||
- | In this new implementation, | + | In this new implementation, |
- | In the example above, an '' | + | In the example above, an '' |
Importantly, | Importantly, | ||
Line 99: | Line 96: | ||
* find all superglobal keys that violate the PHP unquoted variable name regex ((Unquoted variable names must match the regex '' | * find all superglobal keys that violate the PHP unquoted variable name regex ((Unquoted variable names must match the regex '' | ||
- | * for each, create a new mangled key linked to the corresponding value. | + | * for each, create a new mangled key linked to the corresponding value |
Applications requiring name mangling may call the polyfill during their bootstrap phase to emulate prior engine behavior. | Applications requiring name mangling may call the polyfill during their bootstrap phase to emulate prior engine behavior. | ||
===== Proposal ===== | ===== Proposal ===== | ||
- | This RFC proposes to phase out automatic name mangling, | + | This RFC proposes to remove |
- | * Next minor release (currently 7.1): | + | * Upon acceptance: |
- | * Emit an '' | + | * Update documentation |
+ | * Release a userland polyfill that implements the historic mangling behavior | ||
+ | * Polyfill shall be available via composer (but not PEAR) | ||
* Next major release (currently 8.0): | * Next major release (currently 8.0): | ||
- | * Remove all name mangling code in super-global | + | * Remove all name mangling code in super-global |
- | * Release a userland polyfill implementing '' | + | |
==== Discussion ==== | ==== Discussion ==== | ||
Line 116: | Line 114: | ||
These questions were raised in the mailing list discussion. | These questions were raised in the mailing list discussion. | ||
- | === Should | + | === Should |
- | No, because we do not know how many instances of mangling may be present and we do not want to flood application logs. The proposed | + | Before version 1.3, this RFC proposed |
- | === How can I disable | + | > If I have a well behaved application that doesn’t rely on name mangling or have included the polyfill, how can I prevent a log message from being emitted when a user appends (unused) parameters to the query string that require mangling? |
- | Rouven Weßling asked: | + | and Nikita Popov commented: |
- | + | ||
- | > If I have a well behaved application that doesn’t rely on name mangling or have included the polyfill, how can I prevent a log message from being emitted when a user appends (unused) parameters to the query string that require mangling? | + | |
- | As written, one can't: the engine emits the error as soon as it mangles | + | > Even if it's only a single deprecation warning instead of multiple, |
+ | > Sure, it's informative. But it' | ||
- | This behavior is similar to [[http:// | + | Given that (a) an application could get spammed by malicious users((The '' |
=== Should an INI configuration control mangling? === | === Should an INI configuration control mangling? === | ||
Line 138: | Line 135: | ||
An INI setting to disable mangling must be engine-wide (e.g., '' | An INI setting to disable mangling must be engine-wide (e.g., '' | ||
- | It's still possible to provide an " | + | It's still possible to provide an " |
The polyfill approach is considered superior to the INI approach for three reasons: | The polyfill approach is considered superior to the INI approach for three reasons: | ||
Line 148: | Line 145: | ||
=== Should '' | === Should '' | ||
- | Early versions of this proposal (< v1.2) proposed using extract to mangle names. Rowan Collins and others pointed out this was an unnecessary complication: | + | Early versions of this proposal (< v1.2) proposed using '' |
However, '' | However, '' | ||
Line 158: | Line 155: | ||
<code php> | <code php> | ||
- | function | + | function |
$name = preg_replace('/ | $name = preg_replace('/ | ||
return preg_replace('/ | return preg_replace('/ | ||
} | } | ||
- | function | + | function |
if (version_compare(PHP_VERSION, | if (version_compare(PHP_VERSION, | ||
return; | return; | ||
} | } | ||
foreach ($_ENV as $var => &$val) { | foreach ($_ENV as $var => &$val) { | ||
- | $mangled = mangle_name($var); | + | $mangled = php_mangle_name($var); |
if ($mangled !== $var) { | if ($mangled !== $var) { | ||
$_ENV[$mangled] =& $val; | $_ENV[$mangled] =& $val; | ||
Line 181: | Line 178: | ||
< | < | ||
$ composer require php/ | $ composer require php/ | ||
- | $ cat app/boostrap.php | + | $ cat app/bootstrap.php |
<?php | <?php | ||
require __DIR__ . '/ | require __DIR__ . '/ | ||
- | mangle_superglobals(); | + | php_mangle_superglobals(); |
// ... | // ... | ||
Line 191: | Line 188: | ||
===== Proposed PHP Version(s) ===== | ===== Proposed PHP Version(s) ===== | ||
- | PHP 7.1 (for notice of impending BC break) and PHP 8.0 (for actual implementation and corresponding BC break). | + | PHP 8.0. |
===== RFC Impact ===== | ===== RFC Impact ===== | ||
Line 210: | Line 207: | ||
===== Open Issues ===== | ===== Open Issues ===== | ||
- | None so far. | + | None. |
===== Proposed Voting Choices ===== | ===== Proposed Voting Choices ===== | ||
- | A simple yes/no voting option with a 2/3 majority required. | + | A simple yes/no voting option with a 2/3 majority required: " |
===== Patches and Tests ===== | ===== Patches and Tests ===== |
rfc/on_demand_name_mangling.1452266247.txt.gz · Last modified: 2017/09/22 13:28 (external edit)