Skip to content

Latest commit

 

History

History
39 lines (30 loc) · 2.33 KB

README.md

File metadata and controls

39 lines (30 loc) · 2.33 KB

Symfony Expression Language Arrow Function

Build Status Minimum PHP Version License Coverage Scrutinizer Code Quality Packagist

Arrow function (aka "Lambda Expression" or "Anonymous Function") support in Symfony Expression Language component.

Syntax

 (a) -> { a * 2 }
  ^  ^      ^
  |  |      '----- Function body is a single expression that can make use of passed parameters or global variables.
  |  '------------ The lambda operator - input parameters are to the left and the output expression to the right.
  '--------------- Comma-separated list of parameters passed to arrow function.

Safety

Returning callbacks can be dangerous in PHP. If the returned value is not checked, PHP may end up executing arbitrary global functions, static class methods or object methods.

Problem Example

$language = new ExpressionLanguage();
$expression = '(value) -> { value > 20 }';
$filter = $language->evaluate($expression);
$values = array_filter([18, 23, 40], $filter);

If $expression returns a string or array, array_filter() will arbitrarily call whatever was returned.

Solution

There are two solutions:

  • Set the type declaration of methods using the callback to Closure (not Callable!) - prone to mistakes and quite risky.
  • The engine returns the callback wrapped in an object that cannot be invoked by default - this is the safest option (and default one).