#27406 [Com]: php_check_syntax executes code
ID: 27406
Comment by: de_bruut at hotmail dot com
Reported By: thomas at stauntons dot org
Status: Assigned
Bug Type: Unknown/Other Function
Operating System: All
PHP Version: php5.0-200412100930
Assigned To: iliaa
New Comment:
Couple of points:
1. there are already half a dozen functions that include files or
execute strings
2. there's no other function that allows you to check the validity of a
piece of php code
3. right now, php_check_syntax does more than its name implies (it
includes the file)
4. there are several situations where a 'clean' lint check of php code
is useful (snippet submissions, UNIT TESTS(!), ...)
5. in general, functions should do only one thing, not two only
slightly related things, and one of them badly
I would love to see php_check_syntax implemented as its name implies: a
lint check for a STRING. Not a file (see Wylie's comment), because there
are enough functions to read a file or stream into a string.
If someone wants to include the file afterwards, they only need to add
a single line of code, or they can write their own two-line function.
This even leaves them the choice between include() and include_once(),
something which php_check_syntax does not do at this point.
Did I mention the potential value of php_check_syntax for UNIT TESTS
yet? php_check_syntax would allow us to check the syntax of a file
(string) as the first of a group of tests for that file/class, and thus
avoiding a potential fatal error, which could interrupt an entire set of
tests on multiple files. Thus, a syntax check could make quite a number
of very serious PHP developers very happy. Not much point if
php_check_syntax immediately includes the file (string) though...
Previous Comments:
[2005-02-09 21:42:13] du at bestwaytech dot com
There is one other difference between include and php_check_syntax that
should be noted in the manual. Aside from supressing output buffer, it
only includes functions and classes, it does not set or affect global
variables, the way include() would.
If you have test.php
$myvar = 1;
echo $myvar;
function myfunction() {}
class myclass {}
include (test.php) will set $myvar, print $myvar and set myfunction
myclass
php_check_syntax(test.php) will ONLY include myfunction myclass
[2005-01-29 04:35:48] wylie at geekasylum dot org
There seems to be a lot of discussion on whether this is a bug or a
misuse. Here is something else to consider:
de_bruut mentioned above that a syntax check function as described in
the documentation of this function would be useful for development and
testing, and I agree, but it also has other uses.
I am about to write a code repository website where users can submit
snippets (no smaller than complete functions) and it would be great to
be able to check the syntax of the uploaded code on the fly and reject
or accept it right there while the submitter is still online. This be
one less admin check to do before the code was accepted to the site.
Checking uploaded code snippets from the public is a huge security rick
if the syntax checker includes or executes the code, but a simple lint
check would be a huge boon to developers and code geeks like myself.
In my case, it would be fantastic if we could optionally syntax check a
string rather than a disk file as the code on my site would be stored in
a database (and I imagine many other repositories would do the same).
In the case of this bug a decision needs to be made as to whether the
code or the documentation expresses the true value of this function,
and one or other (ie: the code or the docco) needs to be fixed. This
bug has been open almost a year and it seems that decision still has
not been made.
If the documentation is correct and the function is a simple lint
checker, people can then include() any code that checks as valid if
they desire to, (some dont) but if the syntax checker includes the code
itself, then people like myself cant use it at all as the code to be
checked has no relation to the running website (and should never be
included).
[2005-01-25 20:12:15] [EMAIL PROTECTED]
fix assign to
[2005-01-25 19:56:39] [EMAIL PROTECTED]
It's like include() except it won't output the checked file (like if
the checked file has an echo, it won't echo it). Aside from the
obvious that's the only difference I notice but haven't tested it
thoroughly.
Sounds like this bug will never be fixed so I guess we should just
document the current behavior.
[2004-12-14 00:30:08] [EMAIL PROTECTED]
I see it's assigned to Ilia so I'm not changing the status. Personally
I
#27406 [Com]: php_check_syntax executes code
ID: 27406
Comment by: de_bruut at hotmail dot com
Reported By: thomas at stauntons dot org
Status: Assigned
Bug Type: Unknown/Other Function
Operating System: OS X
PHP Version: 5.0.2-dev
Assigned To: iliaa
New Comment:
How should the docs be changed? This misfeature hasn't been dealt with
yet...maybe we should just remove the docs :)
What misfeature? IMO a function that can check the syntax of a PHP file
before it's included has real benefits for development and testing (as
it can be used to avoid parse and fatal errors etc). And the
documentation of php_check_syntax perfectly describes such a function.
The only problem here is the fact that php_check_syntax not only checks
the code, but executes it as well. I'd say that this is unexpected,
undesirable behavior (a bug). The documentation is just fine the way it
is now...
Previous Comments:
[2004-09-20 21:36:57] [EMAIL PROTECTED]
How should the docs be changed? This misfeature hasn't been dealt with
yet...maybe we should just remove the docs :)
[2004-09-16 18:19:12] didou at keliglia dot com
So should this function actually execute the code (like an include())
or
should it be a simple lint check (identical to php -l)
It should do only a lint check, otherway we don't need this function as
we already have include..
Anyway, we should really change the docs philip.
[2004-08-26 18:20:05] [EMAIL PROTECTED]
Tested latest CVS on a Win32 machine, same problem. Here's a very
simple test:
randominclude.php
?php
function foobar() {
echo HI;
}
?
checksyntax.php
?php
if (php_check_syntax('randominclude.php')) {
echo passed;
foobar();
}
?
Calling checksyntax.php via Module/CLI/CGI results in:
passedHI
As opposed to:
passed
Fatal error: Call to undefined function foobar() in ...
[2004-08-09 05:10:33] [EMAIL PROTECTED]
So should this function actually execute the code (like an include())
or should it be a simple lint check (identical to php -l). The doc
team assumed the later. Please advise with specific information on how
this should be documented or if this is indeed a bug, say so.
http://cvs.php.net/co.php/phpdoc/en/reference/misc/functions/php-check-syntax.xml
[2004-08-08 18:59:20] phpbug at bigredspark dot com
Bogus? Could someone document this function so we know what the
proper usage is? Is this funtion meant to load the file into the
current scope as it's syntax is checked? If so, please say so in the
documentation. Otherwise, I have another bug report to file.
original.php
?php
$bool = php_check_syntax('checkme.php');
foo();
$bar = new Bar;
$bar-foo();
?
checkme.php
?php
function foo()
{ echo checkme::foo\n; }
class Bar {
function foo()
{ echo checkme::bar::foo\n; }
}
?
results in
checkme::foo
checkme::bar::foo
for example, when my assumption of how the function works should have
the code results in undefined function and class errors.
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/27406
--
Edit this bug report at http://bugs.php.net/?id=27406edit=1
#24808 [Com]: access to private or protected member throw __get and __set method
ID: 24808 Comment by: de_bruut at hotmail dot com Reported By: Bertrand dot Willm at laposte dot net Status: Analyzed Bug Type: Zend Engine 2 problem Operating System: * PHP Version: 5* New Comment: Quick suggestion: Please consider adding the same overloading functionality ( __call() ) for private and protected methods. Previous Comments: [2004-05-31 23:14:28] [EMAIL PROTECTED] That seems to be the best solution. [2004-05-30 14:43:07] [EMAIL PROTECTED] After talking with Andi, I think it's a valid issue and what needs to be done is to make accessors (__get/__set) be called on access to variables that are not visible in current context. This still would not change the fact that acessors are not called on existing variables, but invisible variables in this context would be regarded as good as unexisting. [2003-10-16 05:03:46] [EMAIL PROTECTED] The behavior is absolut correct. Since the property 'var' is declared private it cannot be accessed. And also since it is a declared property there is no need for the engine to execute __call(). Both __get() and __set() are only there to handle virtual properties (aka not declared ones). Double check #25815 and #25199 [2003-07-28 18:50:06] alan at akbkhome dot com This has been discussed on zend2-engine, getters and setters on 'defined' vars is a feature that a number of people would like to see.. AFAIK It just needs a voluteer to propose some code.. [2003-07-28 17:49:44] Bertrand dot Willm at laposte dot net It is quite nice to tell me to double-check the documentation, but I don't see were it is written that the name given to __get and __set methods can't correspond to private or protected members. If it is not written, this could be nice to add that information in the documentation. Perhaps that for a clean programmation this is not a good idea to use the same name for members and properties. Anyway, after analisys, I found that the current implementation of __get and __set is an unsatsifactory answer to properties. It is far away from what is proposed in C#, Delphi (and of course C++ builder) or visual basic. To my knowledge, there is no equivalent in java or C++. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24808 -- Edit this bug report at http://bugs.php.net/?id=24808edit=1
