#27406 [Com]: php_check_syntax executes code
ID: 27406 Comment by: de_bruut at hotmail dot com Reported By: thomas at stauntons dot org Status: Assigned Bug Type: Unknown/Other Function Operating System: All PHP Version: php5.0-200412100930 Assigned To: iliaa New Comment: Couple of points: 1. there are already half a dozen functions that include files or execute strings 2. there's no other function that allows you to check the validity of a piece of php code 3. right now, php_check_syntax does more than its name implies (it includes the file) 4. there are several situations where a 'clean' lint check of php code is useful (snippet submissions, UNIT TESTS(!), ...) 5. in general, functions should do only one thing, not two only slightly related things, and one of them badly I would love to see php_check_syntax implemented as its name implies: a lint check for a STRING. Not a file (see Wylie's comment), because there are enough functions to read a file or stream into a string. If someone wants to include the file afterwards, they only need to add a single line of code, or they can write their own two-line function. This even leaves them the choice between include() and include_once(), something which php_check_syntax does not do at this point. Did I mention the potential value of php_check_syntax for UNIT TESTS yet? php_check_syntax would allow us to check the syntax of a file (string) as the first of a group of tests for that file/class, and thus avoiding a potential fatal error, which could interrupt an entire set of tests on multiple files. Thus, a syntax check could make quite a number of very serious PHP developers very happy. Not much point if php_check_syntax immediately includes the file (string) though... Previous Comments: [2005-02-09 21:42:13] du at bestwaytech dot com There is one other difference between include and php_check_syntax that should be noted in the manual. Aside from supressing output buffer, it only includes functions and classes, it does not set or affect global variables, the way include() would. If you have test.php $myvar = 1; echo $myvar; function myfunction() {} class myclass {} include (test.php) will set $myvar, print $myvar and set myfunction myclass php_check_syntax(test.php) will ONLY include myfunction myclass [2005-01-29 04:35:48] wylie at geekasylum dot org There seems to be a lot of discussion on whether this is a bug or a misuse. Here is something else to consider: de_bruut mentioned above that a syntax check function as described in the documentation of this function would be useful for development and testing, and I agree, but it also has other uses. I am about to write a code repository website where users can submit snippets (no smaller than complete functions) and it would be great to be able to check the syntax of the uploaded code on the fly and reject or accept it right there while the submitter is still online. This be one less admin check to do before the code was accepted to the site. Checking uploaded code snippets from the public is a huge security rick if the syntax checker includes or executes the code, but a simple lint check would be a huge boon to developers and code geeks like myself. In my case, it would be fantastic if we could optionally syntax check a string rather than a disk file as the code on my site would be stored in a database (and I imagine many other repositories would do the same). In the case of this bug a decision needs to be made as to whether the code or the documentation expresses the true value of this function, and one or other (ie: the code or the docco) needs to be fixed. This bug has been open almost a year and it seems that decision still has not been made. If the documentation is correct and the function is a simple lint checker, people can then include() any code that checks as valid if they desire to, (some dont) but if the syntax checker includes the code itself, then people like myself cant use it at all as the code to be checked has no relation to the running website (and should never be included). [2005-01-25 20:12:15] [EMAIL PROTECTED] fix assign to [2005-01-25 19:56:39] [EMAIL PROTECTED] It's like include() except it won't output the checked file (like if the checked file has an echo, it won't echo it). Aside from the obvious that's the only difference I notice but haven't tested it thoroughly. Sounds like this bug will never be fixed so I guess we should just document the current behavior. [2004-12-14 00:30:08] [EMAIL PROTECTED] I see it's assigned to Ilia so I'm not changing the status. Personally I
#27406 [Com]: php_check_syntax executes code
ID: 27406 Comment by: de_bruut at hotmail dot com Reported By: thomas at stauntons dot org Status: Assigned Bug Type: Unknown/Other Function Operating System: OS X PHP Version: 5.0.2-dev Assigned To: iliaa New Comment: How should the docs be changed? This misfeature hasn't been dealt with yet...maybe we should just remove the docs :) What misfeature? IMO a function that can check the syntax of a PHP file before it's included has real benefits for development and testing (as it can be used to avoid parse and fatal errors etc). And the documentation of php_check_syntax perfectly describes such a function. The only problem here is the fact that php_check_syntax not only checks the code, but executes it as well. I'd say that this is unexpected, undesirable behavior (a bug). The documentation is just fine the way it is now... Previous Comments: [2004-09-20 21:36:57] [EMAIL PROTECTED] How should the docs be changed? This misfeature hasn't been dealt with yet...maybe we should just remove the docs :) [2004-09-16 18:19:12] didou at keliglia dot com So should this function actually execute the code (like an include()) or should it be a simple lint check (identical to php -l) It should do only a lint check, otherway we don't need this function as we already have include.. Anyway, we should really change the docs philip. [2004-08-26 18:20:05] [EMAIL PROTECTED] Tested latest CVS on a Win32 machine, same problem. Here's a very simple test: randominclude.php ?php function foobar() { echo HI; } ? checksyntax.php ?php if (php_check_syntax('randominclude.php')) { echo passed; foobar(); } ? Calling checksyntax.php via Module/CLI/CGI results in: passedHI As opposed to: passed Fatal error: Call to undefined function foobar() in ... [2004-08-09 05:10:33] [EMAIL PROTECTED] So should this function actually execute the code (like an include()) or should it be a simple lint check (identical to php -l). The doc team assumed the later. Please advise with specific information on how this should be documented or if this is indeed a bug, say so. http://cvs.php.net/co.php/phpdoc/en/reference/misc/functions/php-check-syntax.xml [2004-08-08 18:59:20] phpbug at bigredspark dot com Bogus? Could someone document this function so we know what the proper usage is? Is this funtion meant to load the file into the current scope as it's syntax is checked? If so, please say so in the documentation. Otherwise, I have another bug report to file. original.php ?php $bool = php_check_syntax('checkme.php'); foo(); $bar = new Bar; $bar-foo(); ? checkme.php ?php function foo() { echo checkme::foo\n; } class Bar { function foo() { echo checkme::bar::foo\n; } } ? results in checkme::foo checkme::bar::foo for example, when my assumption of how the function works should have the code results in undefined function and class errors. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/27406 -- Edit this bug report at http://bugs.php.net/?id=27406edit=1
#24808 [Com]: access to private or protected member throw __get and __set method
ID: 24808 Comment by: de_bruut at hotmail dot com Reported By: Bertrand dot Willm at laposte dot net Status: Analyzed Bug Type: Zend Engine 2 problem Operating System: * PHP Version: 5* New Comment: Quick suggestion: Please consider adding the same overloading functionality ( __call() ) for private and protected methods. Previous Comments: [2004-05-31 23:14:28] [EMAIL PROTECTED] That seems to be the best solution. [2004-05-30 14:43:07] [EMAIL PROTECTED] After talking with Andi, I think it's a valid issue and what needs to be done is to make accessors (__get/__set) be called on access to variables that are not visible in current context. This still would not change the fact that acessors are not called on existing variables, but invisible variables in this context would be regarded as good as unexisting. [2003-10-16 05:03:46] [EMAIL PROTECTED] The behavior is absolut correct. Since the property 'var' is declared private it cannot be accessed. And also since it is a declared property there is no need for the engine to execute __call(). Both __get() and __set() are only there to handle virtual properties (aka not declared ones). Double check #25815 and #25199 [2003-07-28 18:50:06] alan at akbkhome dot com This has been discussed on zend2-engine, getters and setters on 'defined' vars is a feature that a number of people would like to see.. AFAIK It just needs a voluteer to propose some code.. [2003-07-28 17:49:44] Bertrand dot Willm at laposte dot net It is quite nice to tell me to double-check the documentation, but I don't see were it is written that the name given to __get and __set methods can't correspond to private or protected members. If it is not written, this could be nice to add that information in the documentation. Perhaps that for a clean programmation this is not a good idea to use the same name for members and properties. Anyway, after analisys, I found that the current implementation of __get and __set is an unsatsifactory answer to properties. It is far away from what is proposed in C#, Delphi (and of course C++ builder) or visual basic. To my knowledge, there is no equivalent in java or C++. The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/24808 -- Edit this bug report at http://bugs.php.net/?id=24808edit=1