Hi Some weeks ago I wrote a patch to disable writing from within XSLT templates. That patch is now in 5.4 but wasn't accepted in PHP 5.3 since it changed a struct in the header file.
I have now I new patch which doesn't need that changing in the struct, but I need a new .h file from libxslt. https://gist.github.com/3d3d3c3418236f748118 (unfinished patch, just a proof of concept, but the basics are there) Can anybody tell me, if that still breaks binary compatibility for extensions or if that would be ok? Then a more general question: There are now 2 ways to enable write access again (in 5.4). Via an additional optional parameter to the transform methods (this works with the patch above in 5.3 also) or via the new 5.4 only method ->setSecurityPrefs(). The former is from a clean API point of view not nice, adding more and more optional parameters to methods is the ticket to hell usually. But I can't come up with a better solution for 5.3 without breaking the ABI. And since it's somehow a security issue, I would sleep better a lot, if we have a proper patch for 5.3 as well. To keep BC, I can't just delete the optional parameter again for 5.4, that would make portable code a pain. OTOH, the way I did it know, it breaks BC with PHP < 5.3.9, if you want to enable write access in xslt templates in PHP 5.3.9+. If you don't need that, which is maybe 99.9% of all cases, BC is kept for since PHP 5.0 until much after PHP 5.4 :) So there are 3 options 1) leave it like it is currently. No write protection in 5.3, only in 5.4 2) Have 2 ways to enable write access from 5.3.9+ and 5.4. 3) Remove the ->setSecurityPrefs() in 5.4, so there's only one way to enable write access again, but it's the nasty one from a clean API POV. For 2) and 3), code with those new options won't work anymore in 5.3.8- (but you can check it in PHP user land and treat it differently), but you get write protection automatically Again, all this will only affect a very small fraction of users, those who legitimately wrote files from within XSLT. Any opinions? Me personally would like to have it in PHP 5.3 (or at least offer a proper patch). chregu -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
