Current implementation of binary mode (RequestFactory::setBinary()) is stupid and encourages insecure behavior, because I usually want to transfer only a single parameter in binary. To achieve that user should not disable UTF-8 validation on all input parameters.
We should either
- remove the binary mode entirely or
- improve it to support binary mode only for parameter with certain name.
Currently I'm in favor of the first option for the following reasons:
- transporting binary data is rare
- users can very easily just use
$_GET['binaryData'] or $_POST['binaryData'] – its ugly but practical
- users can implement wrapper around
RequstFactory which would allow specifying that certain parameters should be treated as binary.
Thoughts? cc @dg, @fprochazka
Note: If we choose the remove the binary mode entirely with the vision that users may implement custom wrapper around RequestFactory we may no longer throw exception (see #30 for related discussion) for invalid parameters.
Current implementation of binary mode (
RequestFactory::setBinary()) is stupid and encourages insecure behavior, because I usually want to transfer only a single parameter in binary. To achieve that user should not disable UTF-8 validation on all input parameters.We should either
Currently I'm in favor of the first option for the following reasons:
$_GET['binaryData']or$_POST['binaryData']– its ugly but practicalRequstFactorywhich would allow specifying that certain parameters should be treated as binary.Thoughts? cc @dg, @fprochazka
Note: If we choose the remove the binary mode entirely with the vision that users may implement custom wrapper around
RequestFactorywe may no longer throw exception (see #30 for related discussion) for invalid parameters.