Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP7 > body text

PHP 7.4 allows throwing exceptions from __toString()

藏色散人
Release: 2023-02-17 13:22:01
Original
2849 people have browsed it

PHP 7.4 allows Exceptions from __toString()

Introduction

Currently prohibited from __toString() throws an exception and will cause a fatal error. This makes calling arbitrary code dangerous and makes it a problematic general-purpose API. This RFC aims to remove this restriction.

The rationale for the current behavior is that string conversions are performed in many places throughout the engine and standard library, and not everywhere are prepared to handle exceptions "correctly", i.e. as early as possible.

From a technical perspective, this restriction is ultimately ineffective, since exceptions during string conversion can still be triggered by error handlers that convert recoverable errors into exceptions:

set_error_handler(function() {
    throw new Exception();
});
 
try {
    (string) new stdClass;
} catch (Exception $e) {
    echo "(string) threw an exception...\n";
}
Copy after login

In fact, Symfony exploits this vulnerability to bypass the current restrictions. Unfortunately, this relies on the $errcontext parameter, which disappeared in PHP 8.

However, until we do a full review of string conversion in this code base, past articles on this topic There has been no discussion of loosening this restriction. This has been done in an attached implementation request.

Recommendations

Allow exceptions to be thrown from __toString() and it will behave as usual. Fatal errors are no longer triggered.

Also, convert the "cannot be converted to a string" and "__toString() must return a string value" recoverable fatal errors into correct error exceptions, consistent with the error policy established in PHP 7 .

Extension Guidelines

Extension authors who want to gracefully handle exceptions from string conversions should consider the following guidelines:

● If zval_get_string( ), convert_to_string() and friends generate an exception, they still generate a string. This string is guaranteed to be temporary. This means there is no need to free it, but it is possible to do so. In context, you can choose the more convenient option.

● If the conversion from object to string fails, the result of the string conversion will be an empty string, or if the array is converted to a string and the error handler raises the result notification to an exception. "Array". (The behavior is the same as before.)

● Usually it is enough to check whether an exception was thrown using the usual if (EG(exception)) check:

zend_string *str = zval_get_string(val);
if (EG(exception)) {
    // Possibly free other resources here.
    return;
}
Copy after login

Except In addition, some helper APIs are provided that model conversions as error-prone operations: 

// Like zval_get_string() but returns NULL on conversion failure.
zend_string *str = zval_try_get_string(val);
if (!str) {
    // Possibly free other resources here.
    return;
}
// Main code.
zend_string_release(str);
 
 
// Like zval_get_tmp_string() but returns NULL on conversion failure.
zend_string *tmp, *str = zval_try_get_tmp_string(val, &tmp);
if (!str) {
    // Possibly free other resources here.
    return;
}
// Main code.
zend_tmp_string_release(tmp);
 
 
// Like convert_to_string() but returns a boolean indicating conversion success/failure.
if (!try_convert_to_string(val)) {
    // Possibly free other resources here.
    return;
}
// Main code.
Copy after login

try_convert_to_string() will not modify the original value if the conversion fails. Therefore, using it is safer than using convert_to_string() and exception checking.

While checking every string conversion will certainly put you on the safe side, ignoring these checks usually just results in a few unnecessary calculations and possibly redundant warnings. The main thing you should be aware of are operations that modify persistent structures (such as databases).

Backward-incompatible changes

The transition from a recoverable fatal error to an error exception is technically a BC break.

Translation: https://wiki.php.net/rfc/tostring_exceptions

The above is the detailed content of PHP 7.4 allows throwing exceptions from __toString(). For more information, please follow other related articles on the PHP Chinese website!

Related labels:
PHP 7.4
source:php.cn
Previous article:Weak References in PHP 7.4 Next article:How to install php7.4 on CentOS yum
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
PHP arrays obtained from URL parameters do not behave as expected I have a URL parameter that contains the category ID and I want to treat it as an array li...
From 2024-04-06 22:09:02
0
1
1428
Where should I place CustomLog directive in apache I'm using php:7.2-apachedocker. I need to disable health check url login access log. Based...
From 2024-04-06 22:03:59
0
1
990
What is the format of the variables in the return value? I am a new learner of php. I found a piece of code: if($x<time()){return[false,'error']...
From 2024-04-06 21:55:20
0
1
778
Problems encountered when using opentbs to generate odt files: values ​​of the same key are displayed in the same row instead of separate columns. I'm using a library called OpenTbs to create odt using PHP, I'm using it because columns a...
From 2024-04-06 20:18:18
0
1
483
Group MySQL results by ID for looping over I have a table with flight data in mysql. I'm writing a php code that will group and displ...
From 2024-04-06 17:27:56
0
1
406
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template