cabbey

@cabbey@phpc.social

sourcerer @ SmugMug, photo geek, dad, licensed rocket scientist (L2 w/ NAR and Tripoli).

This is MY stream of consciousness. I don’t speak for my employer, club, or hobby.

Fiscally conservative, socially liberal; he/him

ramsey, to php
I’m about to do something that could either be very controversial or not controversial at all and result in a bunch of shrugs and nods.

cabbey,
@ramsey gunna use a goto in production code?

ian, to random
I hear RISC is good

cabbey,
@kboyd @ian Power (PC) to the people!

cabbey, to php
ok folks, you were right Rector is pretty cool. The learning curve is steep AF, and the docs are, well, let's just say they're written by engineers for engineers. But given the target audience for this tool, that's OK. I've not yet done the changes I was originally asking about with it, because the config for it is going to be a PITA to build. I've been starting small. But what I've done so far has been pretty cool! I've done some wild things with RenameClassConstFetchRector for example. 🧵

cabbey,
BUT... this brings me to two questions that don't seem obvious from the docs and sources. 1. as a result of moving some consts from one class to another, I now have a lot of files that went from 1 long use SomePackage\Name\Space\Here\To\AClass; and a ton of AClass::SomeConst to a lot of files with an unused import and a ton of very long fully qualified consts sprinkled through the code. Has anyone seen a rector to collapse frequently used namespaces into a use statement?

cabbey,
AAHHHH... because it's not a Rector it's just a config option... ->withImportNames()

but that changes everything not just the things it touches... which ... omg ..... just no. (2000 files touched just by changing that setting.)

cabbey,
@shudder no… 2000+ files that it touched to change “class Yada implements \NameSpace\Foo\Bar\SoupInterface” to “use \NameSpace\Foo\Bar\SoupInterface;
class Yada implements SoupInterface”

The vast majority of our codebase only imports the class if it’s used more than once in the file… this just undid that globally for two big classes of use cases: implementing interfaces and trait usage.

The actual changes I had been making in rector.php only impacted a couple dozen files.

cabbey,
@alessandrolai @shudder yeah, played with them to not much improvement. Currently thinking I’ll do a two pass approach. First use the renaming rectors I’ve configured against the whole codebase, then git diff to get the list of changed files and run a separate rector on just those files with this option. Will experiment with that in the morning.

cabbey, to ubuntu
Anyone know how long it usually is between a release going GA and do-release-upgrade seeing it? Seems odd that I could download and burn the iso and do an upgrade with that, but can't do it from within the system yet.

cabbey,
@Crell yeah, just trying to get a feel for how long the stagger is. But also meh… it’s not a lot of data, and it’s CDN’d pretty hard.

cabbey, to php
ok brain trust.... say you wanted to automate some code changes. Simple stuff like "find all the instance methods that call self::staticFoo() and change them to call $this->foo() instead"... what static analysis tool would be the first one you would reach for to do that? Before anyone says "a grep and perl pies pipeline" note that static methods that call self::staticFoo() must remain as is. Next up would be "find all the places ->info['foo'] is read and replace it with ->getInfoFoo()."

afilina, to random
Shout out to league/csv for continuing to be an awesome library. It's intuitive, a breath of fresh air after a long week of fighting every single tool. This one doesn't fight you. It just helps you without getting in the way.

cabbey,
@afilina oooh! I didn't know this package existed. I think pretty much every package from The League I've used has fit this description though, so that's a good sign. Sadly, after looking at its docs, it doesn't even attempt to solve the biggest problem I think @kboyd and I see with writing csv files... managing the column positions when you have variable data. :(

cabbey,
@afilina @kboyd say you have 50 columns... say 40 of them are populated in every row, but the other 10 you get some random subset (depending on what the other values may be, you may have 10 of them or you may have 3 of them or somewhere between.) Then say you have another 6 or so columns that get added for certain customers but not for others.
It would be awesome if you could give it a header array and then pass in a hash for the row and have it populate just the ones that are set.

cabbey,
@kboyd @afilina or a patch to add it if they're open to it.

cabbey,
@afilina @kboyd ahh... I must have misunderstood what formatters could do... I thought they were processed cell by cell. If they get the whole record then yeah, that would probably work.

andrewfeeney, to php
and folks, what do you make of this?

https://youtu.be/kQdRT2odUIk

cabbey,
@valorin @bobmagicii @j3j5 eh, I dunno... this was my first exposure to him as well and frankly the fact that he called utf-8 "the encoding for English" basically put me into "lol, no." mode and closed the tab. Thank you @andrewfeeney for the direct CVE link.

cabbey,
@valorin @mergy @bobmagicii @andrewfeeney distros should be able to just land a new, patched, module. The only reason there are manual steps here is the attempt to work around the fixed binary not being available. for example seems to have already dropped a fix: https://ubuntu.com/security/notices/USN-6737-1

cabbey,
@bobmagicii oh yeah, there's certainly something to be said for being able to just ssh into a box, boot the encoding out of the support list and rebuild the iconv catalogs. :)

cabbey,
@andrewfeeney @arnan @valorin @mergy we don’t know yet.

But assumed worst case: there is some magic string that if they can get your web server to spit it out, in that encoding, can be used to dump anything php has access to… or run any arbitrary assembly… as your php user.

There are probably a dozen lesser degrees too.

Disclaimer: I’m not a security researcher either… it’s been 20+ years since I sat down and crawled through any code looking for malicious ways to abuse it.

grmpyprogrammer, to random
Making my traditional stop at Cracker Barrel

cabbey,
@grmpyprogrammer ooh, they still exist? All the ones out here closed last year.

cabbey, to php
Does anyone have a better way to write the conditional calls to foo at lines 5-9 of this code? https://3v4l.org/fqCvv The goal is to have the default argument for bar trigger the default argument for foo, but they're different defaults (since one is nullable and the other isn't), and bar should not need to know what foo's default is. (obviously in my real code it's a much more complex signature, and separate classes.)

cabbey,
@Girgias not sure I follow how that would help?

cabbey,
@Girgias ooh, yeah. I thought you meant down a level in foo. That's easy enough to determine if the flag is null that I don't think this is helpful. Also I'll note that in the real code, due to multiple named optional parameters it's a bit more complex: https://3v4l.org/PfBe4

cabbey,
@Crell honestly mostly trying to avoid having two copies of the call to foo() in an if/else with different argument lists. (way more obvious why in the real case with more params to foo.)
It really boils down to "this library allows you to specify an old format version and defaults to its current one, which is an internal detail." vs "this function lets you specify the version of the object you're dealing with, in case you need to use an old object from storage"

cabbey,
@Girgias yeah, certain Obj-C library programmers really love that trick too. I recall an entire library for doing graphics that had functions like drawLine() which took 100 named variables, because you could specify points with x/y coords or with angle (as degrees or radians) and distance, or with a data class called a Point, then the other end could be specified with all sorts of different approaches including both absolute and relative offset from the start. Ugh. So glad doesn't do that!

cabbey,
@Crell I was a Java developer for several years, I still cringe every time I resort to using reflection (all in tests, never in production code!) because of the memories of just how painful the performance penalties were back then.

I just started the PR with the "assemble an array and spread it" approach. I suspect it won't be received with torches and pitchforks.

cabbey,
@ramsey @gmazzap yeah, as I discussed with crell in another branch of the thread the root issue was avoiding two calls to foo in a conditional with a long argument list. The solution I put into PR Friday assembles an argument array, conditionally adds the one discussed here then calls foo(...$args);
