Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:59846
Return-Path: <tom@punkave.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 76168 invoked from network); 13 Apr 2012 02:36:23 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 13 Apr 2012 02:36:23 -0000
Authentication-Results: pb1.pair.com header.from=tom@punkave.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=tom@punkave.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain punkave.com designates 209.85.216.49 as permitted sender)
X-PHP-List-Original-Sender: tom@punkave.com
X-Host-Fingerprint: 209.85.216.49 mail-qa0-f49.google.com  
Received: from [209.85.216.49] ([209.85.216.49:48120] helo=mail-qa0-f49.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id AC/D4-00290-621978F4 for <internals@lists.php.net>; Thu, 12 Apr 2012 22:36:22 -0400
Received: by qafi29 with SMTP id i29so2183980qaf.8
        for <internals@lists.php.net>; Thu, 12 Apr 2012 19:36:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=references:in-reply-to:mime-version:content-transfer-encoding
         :content-type:message-id:cc:x-mailer:from:subject:date:to
         :x-gm-message-state;
        bh=AGDJu//zZ9Pg08fHhuUxxiJ5yl9Iw2kYUmB+rwQQVlU=;
        b=PBst96Xd6nzYgY1qk+z55NHPqpcncEa4Zfuop1qrYmQvKit774D2g/uIEbE4XT9bS/
         IY7Iea8DPiTDqFUgcp6iM6gDxf7NvqL3o6n8XxGTSl1VLO6y3lzUs9o3uo7ZV78XHpxr
         e33+b7i4zPZiPfHs+2M8W4Tek22HsMO2rVLsdJ0l+/R9JI2j2mdWHQUSsjL8DItmCkFL
         3o5EL+uBNxhj9FmvyzQqxD6Azgg5jXH18OgtaB85DbNFxJ9T2B2jNiOpqh8Jo3+2k2Kq
         +2OXHtMiUh5gE8OHNue6HeQgrTle/WaZHL/+b+lj1ufx/yf6J18dzTH1+YMWBr3HReEa
         /A3w==
Received: by 10.229.137.70 with SMTP id v6mr210265qct.76.1334284579970;
        Thu, 12 Apr 2012 19:36:19 -0700 (PDT)
Received: from [192.168.100.101] (c-68-81-107-211.hsd1.pa.comcast.net. [68.81.107.211])
        by mx.google.com with ESMTPS id cs10sm15171700qab.8.2012.04.12.19.36.18
        (version=TLSv1/SSLv3 cipher=OTHER);
        Thu, 12 Apr 2012 19:36:19 -0700 (PDT)
2bXbeGjFPaw1=H7anSerAVCOkgY=8iuHcATGB93tuTz_Y9Q@mail.gmail.com> <CAGa2bXacWzafy84_yK=QAmspiZd6Yo+KNKWpywjgLxvqpo32zg@mail.gmail.com>
In-Reply-To: <CAGa2bXacWzafy84_yK=QAmspiZd6Yo+KNKWpywjgLxvqpo32zg@mail.gmail.com>
Mime-Version: 1.0 (1.0)
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii
Message-ID: <4274B530-5FB8-4292-9262-37044CF98B8B@punkave.com>
Cc: Stas Malyshev <smalyshev@sugarcrm.com>,
 PHP internals <internals@lists.php.net>
X-Mailer: iPhone Mail (9B176)
Date: Thu, 12 Apr 2012 22:36:13 -0400
To: Yasuo Ohgaki <yohgaki@ohgaki.net>
X-Gm-Message-State: ALoCoQk1QWZbBSS7Cwy1fS0VvcTYEuJmT5wcP2xKdDTtUuLtXSubSPpJXy7tDPyjIQKA+SrupO8u
Subject: Re: [PHP-DEV] Re: Disabling PHP tags by php.ini and CLI options
From: tom@punkave.com (Tom Boutell)

If this is a pecl module library developers cannot use it and trust that on p=
hp 5.n, it just works. That would fork the language in an undesirable way. I=
t should be a core feature, no ini flag, no sometimes-there module.

Sent from my iPhone

On Apr 12, 2012, at 10:00 PM, Yasuo Ohgaki <yohgaki@ohgaki.net> wrote:

> Hi,
>=20
> 2012/4/13 Yasuo Ohgaki <yohgaki@ohgaki.net>:
>> Hi,
>>=20
>> 2012/4/13 Stas Malyshev <smalyshev@sugarcrm.com>:
>>> Hi!
>>>=20
>>>> If I exclude current code, then introducing script only include will be=

>>>> preferred one. I preferred dedicated statement for it though.
>>>>=20
>>>> include
>>>> include_once
>>>> require
>>>> require_once
>>>> script
>>>> script_once
>>>=20
>>> I have a thought here. To implement script/script_once you don't need it=

>>> to be a language construct. A function would do just as fine. Why not
>>> make an extension having these two functions, put it on PECL and see if
>>> people will be using it?
>>> For extreme adopters, you could even make php.ini switch that overrides
>>> include/require and redirects them to your script functions. Shouldn't
>>> be impossible to do, I think.
>>=20
>> Good idea.
>>=20
>> I think it's possible as a Zend engine module. It may be possible
>> as normal module if compiler hook can be used. I guess it is now.
>>=20
>> It provides optional security by accident. (Someone called  LFI syntax
>> error an accident and I like it) I wish the other RFC author
>> implement this.
>>=20
>> Regards,
>=20
> I just briefly read tokenizer code.
> We can simply scan tokens and validate then executes.
> So it's a very simple module to write.
>=20
> Regards,
>=20
> --
> Yasuo Ohgaki
> yohgaki@ohgaki.net
>=20
> --=20
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>=20