From: Operating system: PHP version: Irrelevant Package: Scripting Engine problem Bug Type: Feature/Change Request Bug description:Context objects replacing "template engines"
Description: ------------ PHP once was a kind of template engine, nowadays it is much more and we use or write our own template engines to ensure separation of code and layout (or data). Its a strange evolution, that most template engines "compile" their language back to PHP for faster execution. So, why can't we just write templates in PHP? We can, but it requires discipline, because template writers could start programming and could start using functionality that was not meant for them. Here is a suggestion, which involves the PHP core, but would have many uses. We invent contexts. A context can be created, configured and a single or a list of php files can be executed through them. Example: $ctx = new context(); $ctx->add_class( "some_class" ); // makes class visible in context $ctx->add_global( "some_global", $value_of_some_global ); $ctx->add_function( "some_global_function" ); $ctx->enable_builtin( "strlen" ); $ctx->enable_builtin( "strtolower" ); $ctx->enable_builtin( "strtoupper" ); $ctx->enable_super_global( "_REQUEST" ); // short_tags make a lot of sense in template-like scripts $ctx->enable_short_tags( true ); // execute and return output as a string (avoid output buffer fiddling) $output = $ctx->execute_and_return_output( "some_script.php" ); // execute, like include/require $return_value = $ctx->execute( "some_script.php" ); A script executed in a context has only limited functionality, it can use all language constructs, but NO built-in functions, and does not see classes, functions, globals and so on. Any functionality must be explicitely enabled on the context object! Of course this will require some work on the PHP core, but IMHO it is worth it. Template engines can be thrown away, template caches (which usually are "compiled" to PHP code) and all its problems (including security-related problems) can become a thing of the past, and PHP could be used for templating again, but in a safe manner this time. If people agree and like this feature, I would love to help on the development on the PHP core. Maybe this can even become a PHP 6 feature, maybe PHP 7. -- Edit bug report at http://bugs.php.net/bug.php?id=51332&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=51332&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=51332&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=51332&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=51332&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=51332&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=51332&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=51332&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=51332&r=needscript Try newer version: http://bugs.php.net/fix.php?id=51332&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=51332&r=support Expected behavior: http://bugs.php.net/fix.php?id=51332&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=51332&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=51332&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=51332&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=51332&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=51332&r=dst IIS Stability: http://bugs.php.net/fix.php?id=51332&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=51332&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=51332&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=51332&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=51332&r=mysqlcfg
