Saturday, March 10, 2007
Whose bright idea was that design?
If anyone is wondering why: PHP's strpos() returns “false” when the second string argument does not occur as a substring of the first argument, and returns 0 when the second string argument occurs at position 0 of the first string argument. Thus, strpos( “/admin”, “/admin” ) returns 0, but strpos( “Cabbage/admin”, “/admin” ) will return a positive integer.
You're supposed to test the return value explicitly: “if( strpos( $a, $b ) !== false)”, but it only says that like five times in giant red letters on the manual page (http://us2.php.net/strpos) so it's easy to see how someone could miss it.
Re: Cabbage Based Authentication
Besides being reason #3.1415926 for hating PHP, this is a further example of my dislike for dynamically typed languages (and muddled thinking). What we have here is a function that returns a positive integer if we find one string within another, but a boolean otherwise. This mixing of return types is futher compounded by the fact that in PHP, an integer value of 0 is also treated as the boolean “false” value.
So let's not fix strpos()
to return something sane, like
-1
for “string not found,” let's instead extend the
langauge with a silly “boolean only comparison” to fix this
particular problem.
I would really love to know what Rasmus Lerdorf was smoking …