On 07/30/2013 06:28 PM, Tim Starling wrote:
On 31/07/13 07:28, Max Semenik wrote:
I remeber we discussed using asserts and decided they're a bad idea for WMF-deployed code - yet I see
Warning: assert() [<a href='function.assert'>function.assert</a>]: Assertion failed in /usr/local/apache/common-local/php-1.22wmf12/extensions/WikibaseDataModel/DataModel/Claim/Claims.php on line 291
The original discussion is here:
http://thread.gmane.org/gmane.science.linguistics.wikipedia.technical/59620
Judge for yourself.
I'll further elaborate on the "[...] you have to put the source code inside a string [...]" part. From the [documentation][1]:
If the assertion is given as a string it will be evaluated as PHP code by assert().
As in: that function is just as evil as eval(), and the innocent looking
assert( "$_GET[id] > 0" );
can actually be a security vulnerability, depending on server configuration (yes, servers can be and are misconfigured). And when assert() is used like this (yes, there actually is one of these in WikibaseDataModel):
assert( $this->functionFromSuperclass() );
it might be necessary to check multiple files to verify that a string is not passed to assert().
Perhaps it might make sense to do
assert( (bool)( ... ) );
though, as pointed out previously, this really is no better than, say:
if ( !( ... ) ) { throw new MWException( '...' ); }
[1]: http://php.net/manual/en/function.assert.php