Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:113816
Return-Path: <ayesh@php.watch>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 50237 invoked from network); 27 Mar 2021 17:32:31 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 27 Mar 2021 17:32:31 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 97F78180503
	for <internals@lists.php.net>; Sat, 27 Mar 2021 10:29:03 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
	RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.2
X-Spam-Virus: No
X-Envelope-From: <ayesh@php.watch>
Received: from forward105j.mail.yandex.net (forward105j.mail.yandex.net [5.45.198.248])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sat, 27 Mar 2021 10:29:02 -0700 (PDT)
Received: from iva4-c9485a9ab4a2.qloud-c.yandex.net (iva4-c9485a9ab4a2.qloud-c.yandex.net [IPv6:2a02:6b8:c0c:788c:0:640:c948:5a9a])
	by forward105j.mail.yandex.net (Yandex) with ESMTP id DD3ECB2157C
	for <internals@lists.php.net>; Sat, 27 Mar 2021 20:28:59 +0300 (MSK)
Received: from iva7-f62245f79210.qloud-c.yandex.net (iva7-f62245f79210.qloud-c.yandex.net [2a02:6b8:c0c:2e83:0:640:f622:45f7])
	by iva4-c9485a9ab4a2.qloud-c.yandex.net (mxback/Yandex) with ESMTP id kEs0fWtdMz-SxJmUjUQ;
	Sat, 27 Mar 2021 20:28:59 +0300
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=php.watch; s=mail; t=1616866139;
	bh=kG6qMfHZF26YDzPQyHtW517Yk3QVyVTB+UcXUCaSxwc=;
	h=To:Subject:From:In-Reply-To:Cc:Message-ID:Date:References;
	b=VxiLsjTaGoQyMyM36AEkR2viQdVfGR5sVjWMS0YG/ndvdoMVH8XE6v9Ru5MmwFr/m
	 vVuccszxzq4la1OdxyUZ8Bp5/wXexRK2Lqe5fG3sy8fim3oOj7I9/CXV274jic+zBv
	 n9bazaFsnqxlPkOO579tKMb0yayHj7GdNATeqlIY=
Authentication-Results: iva4-c9485a9ab4a2.qloud-c.yandex.net; dkim=pass header.i=@php.watch
Received: by iva7-f62245f79210.qloud-c.yandex.net (smtp/Yandex) with ESMTPSA id YJXERGwzzW-SwKaEECg;
	Sat, 27 Mar 2021 20:28:58 +0300
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client certificate not present)
Received: by mail-oi1-f179.google.com with SMTP id k25so9049840oic.4
        for <internals@lists.php.net>; Sat, 27 Mar 2021 10:28:58 -0700 (PDT)
X-Gm-Message-State: AOAM530EHUaR4fBk8PGZldLcv/0ogxsKr1noy3fXwH/RNUs6z//PeJu7
	pRazTeZlGARxPx+bdP7FlO8r4onCc0k4ZAuuCug=
X-Google-Smtp-Source: ABdhPJzNwKoUsszejH+YpzjzpwY5NcPJfgHx7ENyuo7KAhY6+XoSbmGnaWnY+xB04geBFhpir2B9pB+9knkDw4T+mSI=
X-Received: by 2002:aca:7543:: with SMTP id q64mr13856503oic.100.1616866137324;
 Sat, 27 Mar 2021 10:28:57 -0700 (PDT)
MIME-Version: 1.0
References: <CALOUi=DKS9MnO34OkjMyk0pDjE79AT4MPNhG3wodLw07T5YbQQ@mail.gmail.com>
In-Reply-To: <CALOUi=DKS9MnO34OkjMyk0pDjE79AT4MPNhG3wodLw07T5YbQQ@mail.gmail.com>
Date: Sat, 27 Mar 2021 22:58:31 +0530
X-Gmail-Original-Message-ID: <CANLbj-qcExekbQpndQBYXA2-eDckd46cM2w2NW27P_vWyqTNCQ@mail.gmail.com>
Message-ID: <CANLbj-qcExekbQpndQBYXA2-eDckd46cM2w2NW27P_vWyqTNCQ@mail.gmail.com>
To: Abdul Haq Sheikh <khaweronline@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [PHP-DEV] include vendor/autoload.php automatically
From: ayesh@php.watch (Ayesh Karunaratne)

Larry already mentioned `auto_append_file` that I also think is the
way to go, if it fits.

The example directory structure from your email is also considered
insecure, because without proper web-server protection, you are
essentially exposing _all_ `vendor` files, including the ones that
potentially execute code.

On Sat, Mar 27, 2021 at 10:23 PM Abdul Haq Sheikh
<khaweronline@gmail.com> wrote:
>
> If we want to use composer packages, we have to include
> 'vendor/autoload.php', and if we don't have a front controller design
> pattern, we must include 'vendor/autoload.php' on every/most files. Why not
> to auto include 'vendor/autoload.php' file (if vendor folder exists)?
> * PHP will use include_once to include file
>
> Example Directory Structure:
> - Index.php (file)
> - Test.php (file)
> - Classes  (folder)
> -- Classes/test2.php (file)
> - Vendor (folder)
>
> - On Index.php, php will automatically include  'vendor/autoload.php'
> because the vendor directory exists.
> - On Test.php, php will automatically include  'vendor/autoload.php'
> because the vendor directory exists.
> - On Classes/test2.php, since file is in sub directory and here vendor
> directory doesn't exist, so php will not include 'vendor/autoload.php'