uuf6429 / expression-language-arrowfunc
Arrow function support in Symfony Expression Language
v0.1.0-alpha
2016-10-30 17:19 UTC
Requires
- php: >=5.5.9
- symfony/expression-language: ~3.2@dev
Requires (Dev)
- friendsofphp/php-cs-fixer: ^1.11
- phpunit/phpunit: ~4.8
This package is auto-updated.
Last update: 2024-12-21 02:43:13 UTC
README
Arrow function (aka "Lambda Expression" or "Anonymous Function") support in Symfony Expression Language component.
Syntax
(a) -> { a * 2 }
^ ^ ^
| | '----- Function body is a single expression that can make use of passed parameters or global variables.
| '------------ The lambda operator - input parameters are to the left and the output expression to the right.
'--------------- Comma-separated list of parameters passed to arrow function.
Safety
Returning callbacks can be dangerous in PHP. If the returned value is not checked, PHP may end up executing arbitrary global functions, static class methods or object methods.
Problem Example
$language = new ExpressionLanguage(); $expression = '(value) -> { value > 20 }'; $filter = $language->evaluate($expression); $values = array_filter([18, 23, 40], $filter);
If $expression
returns a string or array, array_filter()
will arbitrarily call whatever was returned.
Solution
There are two solutions:
- Set the type declaration of methods using the callback to
Closure
(notCallable
!) - prone to mistakes and quite risky. - The engine returns the callback wrapped in an object that cannot be invoked by default - this is the safest option (and default one).