Prevent unsafe name-based constructor-injection
mindplay-dk opened this issue · 1 comments
mindplay-dk commented
Name-based injections currently are globally available, which is risky.
$c->register("foo", "Foo");
$c->register(Bar::class);
class Bar {
public function __construct(NotBar $bar) {}
}
The risk here, is that constructors may accidentally have something injected just because the parameter name happens to match, which is risky, and (in our experience) not very useful - in practice, using a less-general (usually qualified with .
) component name is much more common, is safer, and makes for more readable registrations.
The ability to resolve arguments to factory closes by name must of course be preserved.
mindplay-dk commented
Fixed in 2.0 release.