Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:106492
Return-Path: <robert@korulczyk.pl>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 31290 invoked from network); 9 Aug 2019 15:57:33 -0000
Received: from unknown (HELO cache4.mydevil.net) (213.189.55.195)
  by pb1.pair.com with SMTP; 9 Aug 2019 15:57:33 -0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=korulczyk.pl; s=devil; h=Content-Transfer-Encoding:Content-Type:In-Reply-To
	:MIME-Version:Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc:
	Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
	Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
	List-Subscribe:List-Post:List-Owner:List-Archive;
	bh=moz1uib0A8IyDQqqYMFSfHl3t8lTlY4YMfkiutDSyZE=; b=A9lR1OCu87iFwRdCOlnFepenXY
	2bCroi3n4N+ZzUmZKdyiwxc4MhhnltxWFw7003DLOlJicMsmFtYvMHYElz3isc+YB/Sx2+/pz/qQG
	MwudEphE3CU4z3H9UiVgFMSg+ZNucd1BXf/hpC1bzHp8dxP/cEAQudgwUw/BZbMc5oSc=;
To: Reinis Rozitis <r@roze.lv>, internals@lists.php.net
References: <CAFPFaML19B_RehrUQLEy_oFae-H5r3+BpUGg=GF1js83cJpJqQ@mail.gmail.com>
 <CAEYWF=4cx_i=3rCfFKeBT0Jq0e4=P0PeY2wd6YEwog_VdA1+Dg@mail.gmail.com>
 <CAJHtznzie34C92y2nTRXxhD99FEW-5hmruVatsrLDHcAKvTccQ@mail.gmail.com>
 <CAEYWF=7S2SxzxU+TzRV0Rc7FNMvyZBkAENVTNbZKqrs71Uyijw@mail.gmail.com>
 <000001d54e5a$02ac09f0$08041dd0$@roze.lv>
 <2b5588d6-d667-321f-22f1-46a22bb797c5@korulczyk.pl>
 <000001d54ea3$eb3480a0$c19d81e0$@roze.lv>
 <ad6b9615-372d-69ba-9ca5-e8fa554c5aea@korulczyk.pl>
 <000301d54ead$b43e7b00$1cbb7100$@roze.lv>
Message-ID: <59378662-77ca-0779-10cb-c25acf1b45ef@korulczyk.pl>
Date: Fri, 9 Aug 2019 15:24:55 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <000301d54ead$b43e7b00$1cbb7100$@roze.lv>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-AV-Check: Passed
X-System-Sender: robert@korulczyk.pl
Subject: Re: [PHP-DEV] [RFC] [VOTE] Deprecate PHP's short open tags, again
From: robert@korulczyk.pl (Robert Korulczyk)

> Disabling short tags now is done with "an explicit directive" (there has to be a specific ini file with a specific setting 'short_open_tag = 0'). 
> Isn't this the same "situation when you create a separate file with an explicit directive"?

No, it's not. `php.ini` is outside of project responsibility - as a developer you don't really configure this in any way, your application does not
have any explicit directive to disable/enable short open tags. You just accidentally using feature that could lead to code leak.
In your example with `engine` directive you explicitly disable PHP engine by creating dedicated file for that purpose - there is no way do to this by
accident and then does not notice it.


> If a coder (or IDE) has written '<?', '<%'  or by accident any other tag unless tested the effect (a part of code not being parsed/executed) will be
> exactly the same if the feature suddenly disappeared (unless the additional checks in the 'v2 RFC' which on the other hand would make the engine a
> tiny bit slower but probably have to be implemented to avoid such accidents).

At least the this behavior will be consistent - you will not have cases when code works fine on one environment and leak on another.


Regards,
Robert Korulczyk