ID: 27406 Comment by: wylie at geekasylum dot org Reported By: thomas at stauntons dot org Status: Assigned Bug Type: Unknown/Other Function Operating System: All PHP Version: php5.0-200412100930 Assigned To: iliaa New Comment:
There seems to be a lot of discussion on whether this is a bug or a misuse. Here is something else to consider: de_bruut mentioned above that a syntax check function as described in the documentation of this function would be useful for development and testing, and I agree, but it also has other uses. I am about to write a code repository website where users can submit snippets (no smaller than complete functions) and it would be great to be able to check the syntax of the uploaded code on the fly and reject or accept it right there while the submitter is still online. This be one less admin check to do before the code was accepted to the site. Checking uploaded code snippets from the public is a huge security rick if the syntax checker includes or executes the code, but a simple lint check would be a huge boon to developers and code geeks like myself. In my case, it would be fantastic if we could optionally syntax check a string rather than a disk file as the code on my site would be stored in a database (and I imagine many other repositories would do the same). In the case of this bug a decision needs to be made as to whether the code or the documentation expresses the true value of this function, and one or other (ie: the code or the docco) needs to be fixed. This bug has been open almost a year and it seems that decision still has not been made. If the documentation is correct and the function is a simple lint checker, people can then include() any code that checks as valid if they desire to, (some dont) but if the syntax checker includes the code itself, then people like myself cant use it at all as the code to be checked has no relation to the running website (and should never be included). Previous Comments: ------------------------------------------------------------------------ [2005-01-25 20:12:15] [EMAIL PROTECTED] fix assign to ------------------------------------------------------------------------ [2005-01-25 19:56:39] [EMAIL PROTECTED] It's like include() except it won't output the "checked" file (like if the "checked" file has an echo, it won't echo it). Aside from the obvious that's the only difference I notice but haven't tested it thoroughly. Sounds like this bug will never be fixed so I guess we should just document the current behavior. ------------------------------------------------------------------------ [2004-12-14 00:30:08] [EMAIL PROTECTED] I see it's assigned to Ilia so I'm not changing the status. Personally I would put this on very low priority for resolving. Whoever added the lint functionality probably did it for the command-line PHP in order to be able to quickly check a large amount of source code. I don't see this as a mainstream feature of PHP and would avoid hacking on getting it right as to not intefere with the normal execution of PHP (although it's quite possible). ------------------------------------------------------------------------ [2004-12-10 17:39:51] [EMAIL PROTECTED] See also: http://bugs.php.net/27728 ------------------------------------------------------------------------ [2004-11-11 23:34:56] jimmy dot lantz at gmail dot com Couldnt there be an optional bool for including the function? Like bool php_check_syntax ( string file_name [, string &error_message][, bool just_lint]) That is if 3rd var is true it behaves like php -l from CLI? That way we that just wants to validate PHP code without including/running it? Preferrably in a totally secured way... ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/27406 -- Edit this bug report at http://bugs.php.net/?id=27406&edit=1
