Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use explicit mixed for global array variables #1411

Merged
merged 3 commits into from
Jun 13, 2022
Merged

Use explicit mixed for global array variables #1411

merged 3 commits into from
Jun 13, 2022
+61 −1

Conversation

herndlm
Copy link
Contributor

@herndlm herndlm commented Jun 10, 2022

Refs: phpstan/phpstan#7450

well, let's see how much this will break..

@herndlm herndlm force-pushed the global-variable-explicit-mixed branch from 07db8b4 to 42f333b Compare June 10, 2022 09:13
@ondrejmirtes
Copy link
Member

Definitely needs to be a bleedingEdge tag :) Don't forget to update LazyScopeFactory + DirectScopeFactory.

@herndlm herndlm marked this pull request as ready for review June 10, 2022 20:38
@herndlm
Test also without checkExplicitMixed

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
584c30d
@herndlm herndlm force-pushed the global-variable-explicit-mixed branch from 59b16c4 to 584c30d Compare June 12, 2022 07:49
@herndlm herndlm requested a review from ondrejmirtes June 12, 2022 08:05
@ondrejmirtes ondrejmirtes merged commit bca6372 into phpstan:1.7.x Jun 13, 2022
@ondrejmirtes
Copy link
Member

Perfect, thank you!

@herndlm herndlm deleted the global-variable-explicit-mixed branch June 13, 2022 09:01
@gnutix
Copy link
Contributor

gnutix commented Jun 21, 2022
edited
Loading

Hey there. Just a question @herndlm :

I try to explain to colleagues that we should handle this type-safe

How exactly do you do that in this scenario ? Storing the value of the global array you want to use into a variable and using @var on the variable, or doing is_*() (string, numeric, ...) kind of checks on the value of the global array before using it ?

@ondrejmirtes
Copy link
Member

Developers should never use @var, especially not on an untrusted user input 😊

The right approach now is cuyz/valinor, or azjezz/psl.

@herndlm
Copy link
Contributor Author

herndlm commented Jun 23, 2022

How exactly do you do that in this scenario ? Storing the value of the global array you want to use into a variable and using @var on the variable, or doing is_*() (string, numeric, ...) kind of checks on the value of the global array before using it ?

yeah, basically just https://phpstan.org/writing-php-code/narrowing-types. We just had some simple primitive type fields/vars from $_POST, just as the playground-snippet from the linked discussion.

for more complex array shapes I would definitely also try to use what Ondrej suggested in the previous comment. Never used those libs, but they are on my list :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ondrejmirtes ondrejmirtes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@herndlm @ondrejmirtes @gnutix