Document our type-juggling-prevention system

author: jvoisin 2018-08-21 14:22:44 +0200
committer: jvoisin 2018-08-21 14:22:44 +0200
commit: 20e9bfdece3d1b7de11c5e2d71d5d5be59bb54b4 (patch)
tree: aac44c96ebe10aef07eca58d938777c9bed1c682 /doc
parent: 01aff974e3e0af7df2250a2e7d5e8ee76b59752a (diff)
2 files changed, 19 insertions, 2 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst
index b3495ae..14626ce 100644
--- a/doc/source/config.rst
+++ b/doc/source/config.rst
@@ -109,8 +109,9 @@ It can either be ``enabled`` or ``disabled``.
 Prevent sloppy comparison
 ^^^^^^^^^^^^^^^^^^^^^^^^^
-sloppy_comparison, disabled by default, will prevent php `type
+:ref:`Sloppy comparison prevention <sloppy-comparisons-feature>`, disabled by default, will prevent php `type
-juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`_ (``==``) , preventing any bypass of a comparison.
+juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`_ (``==``):
+two values with different types will always be different.
 It can either be ``enabled`` or ``disabled``.
diff --git a/doc/source/features.rst b/doc/source/features.rst
index e420156..5543696 100644
--- a/doc/source/features.rst
+++ b/doc/source/features.rst
@@ -316,6 +316,22 @@ This feature is largely inspired from the
 `autostrict <https://github.com/krakjoe/autostrict>`_ module from `krakjoe <http://krakjoe.ninja>`__.
+.. _sloppy-comparisons-feature:
+Preventing sloppy comparisons
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+The aforementioned :ref:`strict mode <global-strict-feature>` only works with
+annotated types and native functions, so it doesn't cover every instances of
+`type juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`
+during comparisons. Since comparison between different types in PHP is
+`notoriously <https://secure.php.net/manual/en/types.comparisons.php>`__
+difficult to get right, Snuffleupagus offers a way to **always** use the
+``identical`` operator instead of the ``equal`` one (see the `operator section
+<https://secure.php.net/manual/en/language.operators.comparison.php>` for PHP's documentation
+for more details), so that values with different types will always be treated
+as being different.
 .. _readonly-exec-feature:
 Preventing execution of writable PHP files
author	jvoisin	2018-08-21 14:22:44 +0200
committer	jvoisin	2018-08-21 14:22:44 +0200
commit	20e9bfdece3d1b7de11c5e2d71d5d5be59bb54b4 (patch)
tree	aac44c96ebe10aef07eca58d938777c9bed1c682 /doc
parent	01aff974e3e0af7df2250a2e7d5e8ee76b59752a (diff)

diff --git a/doc/source/config.rst b/doc/source/config.rst index b3495ae..14626ce 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst
@@ -109,8 +109,9 @@ It can either be ``enabled`` or ``disabled``.
109	Prevent sloppy comparison	109	Prevent sloppy comparison
110	^^^^^^^^^^^^^^^^^^^^^^^^^	110	^^^^^^^^^^^^^^^^^^^^^^^^^
111		111
112	sloppy_comparison, disabled by default, will prevent php `type	112	:ref:`Sloppy comparison prevention <sloppy-comparisons-feature>`, disabled by default, will prevent php `type
113	juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`_ (``==``) , preventing any bypass of a comparison.	113	juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`_ (``==``):
		114	two values with different types will always be different.
114		115
115	It can either be ``enabled`` or ``disabled``.	116	It can either be ``enabled`` or ``disabled``.
116		117


diff --git a/doc/source/features.rst b/doc/source/features.rst index e420156..5543696 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst
@@ -316,6 +316,22 @@ This feature is largely inspired from the
316	`autostrict <https://github.com/krakjoe/autostrict>`_ module from `krakjoe <http://krakjoe.ninja>`__.	316	`autostrict <https://github.com/krakjoe/autostrict>`_ module from `krakjoe <http://krakjoe.ninja>`__.
317		317
318		318
		319	.. _sloppy-comparisons-feature:
		320
		321	Preventing sloppy comparisons
		322	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
		323
		324	The aforementioned :ref:`strict mode <global-strict-feature>` only works with
		325	annotated types and native functions, so it doesn't cover every instances of
		326	`type juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`
		327	during comparisons. Since comparison between different types in PHP is
		328	`notoriously <https://secure.php.net/manual/en/types.comparisons.php>`__
		329	difficult to get right, Snuffleupagus offers a way to always use the
		330	``identical`` operator instead of the ``equal`` one (see the `operator section
		331	<https://secure.php.net/manual/en/language.operators.comparison.php>` for PHP's documentation
		332	for more details), so that values with different types will always be treated
		333	as being different.
		334
319	.. _readonly-exec-feature:	335	.. _readonly-exec-feature:
320		336
321	Preventing execution of writable PHP files	337	Preventing execution of writable PHP files