Tom, On 4/9/12 4:47 PM, "Tom Boutell" <t...@punkave.com> wrote:
>Let me be very clear about that... I am NOT proposing that <?php at >the top be mandatory in a file loaded in code mode! I don't want to >type it ever again outside of a template file, personally. See the >title of the RFC. See below. > >On Mon, Apr 9, 2012 at 7:06 PM, Luke Scott <l...@cywh.com> wrote: >> On 4/9/12 3:53 PM, "Tom Boutell" <t...@punkave.com> wrote: >> >>>I see why you want to allow <?php at the top to be optional in 'code >>>mode,' rather than disallowed in code mode. But your purpose is to >>>allow legacy code to be autoloaded without knowing in advance whether >>>it starts with <?php or not. And the problem is what exactly? Legacy code would be 5.4 code. PHP 5.3 is supported and code will be floating around for it for years to come. If I found a library on Github that was 5.4 compatible (starts with <?php) I don't want to remove the starting <?php just so my autoloader will read it. Ideally I'd like to be able to check out that code without touching it. >>>But that would probably lead in practice to the use of a single file >>>extension for old and new class files. >>> >>>And that, in turn, would lead to source code being spewed to the >>>browser for all to see if a perfectly respectable autoloader circa PHP >>>5.3 runs into one of these new files. >>> >>>This is a much more significant security issue than some of those >>>mentioned previously because perfectly well-written code would display >>>this behavior if someone unknowingly drops a newer library into, say, >>>the lib/ folder of a Symfony 1.4 project. Ouch. Leaving out the starting <?php tag would be a much bigger security risk if loading code with an older version of PHP. An older version of PHP is going to see this code as plain text printed to the browser. In fact I would probably make sure my config files ALWAYS started with a <?php tag to ensure passwords were safe. It would seem that the parser, in code mode, could skip to the <?php tag if there was one. If only white space was allowed before the <?php tag in code mode it would always be the first or second token. If there was non-whitespace before the <?php tag (assuming parsing is done on the same pass) it could assume the <?php tag wasn't being used and throw a parse error when it was encountered later. This _should_ be reasonable. You can leave out the starting <?php tag, I can keep it. ?> is forbidden in "code mode". Both <?php and ?> are usable in "template mode". Behavior is changed by constants next to require/include. Everybody wins, right? Luke >>>> >>>> >>>> I think you can you achieve that by making "template mode" default and >>>>the >>>> default changeable in the php.ini file. >>>> >>>> Something like this: >>>> >>>> /* >>>> Code only, <?php at top optional, no ?>. >>>> Text before opening <?php silently dropped >>>> >>>> */ >>>> >>>> require "/path/to/somefile.php", INCLUDE_CODE; >>>> >>>> /* >>>> Works exactly as it is now: <?php and ?> allowed. >>>> Text betweeen ?>...<?php printed to output buffer. >>>> */ >>>> >>>> >>>> >>>> require "/path/to/anotherfile.php", INCLUDE_TEMPLATE; // As it is now >>>> >>>> /* >>>> By default INCLUDE_TEMPLATE >>>> Can change default mode in php.ini to be INCLUDE_CODE if desired. >>>> */ >>>> >>>> require "/path/to/anotherfile.php"; // As it is now >>>> >>>> >>>> Personally I would like to be able to do something like this in my >>>>auto >>>> loader: >>>> >>>> include $file, INCLUDE_CODE & INCLUDE_SILENT; >>>> >>>> >>>> >>>> That way I can ensure pure code is being inserted and no warnings are >>>> thrown if the file doesn't exist (class undefined will be thrown >>>>anyway). >>>> >>>> I think it's important to make <?php optional at the top if you're >>>>using >>>> existing or third party libraries that you can't modify. At least then >>>> you'll be able to maintain backwards compatibility with most code >>>>written >>>> since PHP 5. >>>> >>>> (We don't need PHP_*. See the output of get_defined_constants() ). >>>> >>>> I like where this is going! Hopefully after the RFC has been finalized >>>> everyone else will agree. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
