PHP: rfc:deprecate-backtick-operator-v2

 4 years ago
source link: https://wiki.php.net/rfc/deprecate-backtick-operator-v2
Proposal

This RFC proposes that use of the backtick operator emit an E_DEPRECATED warning in PHP 8.0, noting that shell_exec and its related family of functions achieve the same goals. This proposal does not suggest that the backtick operator should be removed with the intent of using it for other functionality.

The grounds for deprecation (and eventually removal) are as follows:

* Alternative functions exist which are more descriptive, easily understood, and more readily searchable (for example, many common Google searches omit the “`” token entirely when searching).

* Backticks are visually easily confused with double or single quotes despite exhibiting radically different behaviour.

* This difference in behaviour is not subtle: quotes parse a string, a fairly simple operation, whereas backticks pause execution and take the control flow completely outside of the PHP environment, executing any commands they have access to with the full power of the shell. The author posits that this is too close for comfort. A clear example of where this is dangerous is that "$name" interpolates a string, whereas `$name` executes the contents of the $name variable in the shell, yet at a glance they look very similar. What would be obvious if written as shell_exec instead becomes an easy-to-hide, easy-to-miss statement of immense power.

* It could be considered unintuitive that single quoted strings do not support variable substitution, but single backticks do. This is something that is only covered in the user contributed notes (EN).

* It could be considered unintuitive that backticks already rely on the safe-mode and disabled-function settings for shell_exec, and while this is documented, without viewing php-src it is not immediately obvious why (AST compilation rewrites the operator to a user function call).

* Certain language keyboards have no native key for the backtick (an example provided by Girgias is the French AZERTY keyboard, where you need to hold Alt GR + 7 followed by one or two Spacebar presses).
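
Because the operator is easy to miss by eye and awkward to search for, a code audit is better done with PHP's own tokenizer, which distinguishes a backtick operator from a backtick character inside a string or comment. The following is an added example, not part of the RFC or of php-src; the helper name find_backtick_exec() is hypothetical and the sample source is constructed for illustration.

```php
<?php
// Added example: report every backtick (shell execution) operator in a PHP source string.

/** Return one entry per backtick expression: its line and whether it interpolates a variable. */
function find_backtick_exec(string $source): array
{
    $hits = [];
    $open = null;   // index in $hits of the backtick expression currently open, if any
    $line = 1;      // single-character tokens carry no line number, so track it ourselves
    foreach (token_get_all($source) as $token) {
        if (is_array($token)) {
            // Array tokens are [id, text, starting line]; advance to the line where the token ends.
            $line = $token[2] + substr_count($token[1], "\n");
            if ($open !== null && in_array($token[0], [T_VARIABLE, T_STRING_VARNAME], true)) {
                $hits[$open]['interpolates'] = true;   // variable data reaches the shell command
            }
            continue;
        }
        if ($token === '`') {
            if ($open === null) {
                $hits[] = ['line' => $line, 'interpolates' => false];
                $open = count($hits) - 1;
            } else {
                $open = null;   // closing backtick
            }
        }
    }
    return $hits;
}

// Constructed sample: quotes and backticks side by side, as in the RFC's "$name" example.
$sample = <<<'SRC'
<?php
$name = $_GET['name'];
echo "$name";          // string interpolation only
echo `$name`;          // executes the contents of $name in the shell
echo 'uses a ` char';  // inside a string literal: not an operator
echo `uptime`;
SRC;

foreach (find_backtick_exec($sample) as $hit) {
    printf(
        "line %d: backtick operator%s\n",
        $hit['line'],
        $hit['interpolates'] ? ' (interpolates a variable into the shell command)' : ''
    );
}
```

Hits that interpolate a variable are the ones to review first, since the variable's contents become part of the shell command.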