Warn on implicit bool to int conversion when using as array offset

[mvorisek]

Description

https://3v4l.org/TrG4u

using bool as array offset can be a mistake, also (string) false = ''

[hormus]

1. The manual states that the index can be string or integer
2. Since php 8.1.0 coercive false to string conversion produces E_DEPRECATED while in php 9 it is promoted to type error Because from an unknown source it's good code to filter/sanitize the data, even the index

https://wiki.php.net/rfc/deprecate-boolean-string-coercion

[mvorisek]

Since php 8.1.0 coercive false to string conversion produces E_DEPRECATED while in php 9 it is promoted to type error Because from an unknown source it's good code to filter/sanitize the data, even the index

https://3v4l.org/1c57W no warning even on master

[hormus]

the mistake is to fix that behavior since it will have to generate Type error on php 9 ex. echo false; rather sanitize and filter your inputs since $arr[null] = 'empty'; is the index with empty and valid string.
Example number 6 says boolean is converted to 0 if false or 1 if true, it's not error from php but the code can be improved by a user function to conform to values ​​of type int or string.
https://www.php.net/manual/en/language.types.array.php

[Girgias]

1. The manual states that the index can be string or integer

   2. Since php 8.1.0 coercive false to string conversion produces E_DEPRECATED while in php 9 it is promoted to type error Because from an unknown source it's good code to filter/sanitize the data, even the index

https://wiki.php.net/rfc/deprecate-boolean-string-coercion

This RFC has not been voted nor implemented.

Frankly, the bool to int conversion here is at least logical as it is standard behaviour and follow the type juggling semantics of the function context. The bigger issue is the implicit null to string conversion, which creates an empty string.

I've got those type juggling things in my rather, but this doesn't deserve its own issue IMHO.

[iluuu1994]

A warning for anything but string/int seems reasonable. Luckily we already disallow some problematic types (array and object in particular). The ones that are still allowed are:

• null
• bool
• resource (sadly)

Here's a quick PoC. master...iluuu1994:php-src:array-offset-coercion-warning

[Girgias]

Might want to tie it in with #7173 as that also tackles the same part to a degree

[github-actions]

There has not been any recent activity in this feature request. It will automatically be closed in 14 days if no further action is taken. Please see https://github.com/probot/stale#is-closing-stale-issues-really-a-good-idea to understand why we auto-close stale feature requests.

[mvorisek]

This issue is not stale. https://wiki.php.net/rfc/deprecate-boolean-string-coercion should be voted soon.

[iluuu1994]

@mvorisek We are not planning on voting on this RFC.

[github-actions]

There has not been any recent activity in this feature request. It will automatically be closed in 14 days if no further action is taken. Please see https://github.com/probot/stale#is-closing-stale-issues-really-a-good-idea to understand why we auto-close stale feature requests.