Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:59848 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 80122 invoked from network); 13 Apr 2012 02:51:23 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 13 Apr 2012 02:51:23 -0000 Authentication-Results: pb1.pair.com header.from=yohgaki@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=yohgaki@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.160.170 as permitted sender) X-PHP-List-Original-Sender: yohgaki@gmail.com X-Host-Fingerprint: 209.85.160.170 mail-gy0-f170.google.com Received: from [209.85.160.170] ([209.85.160.170:51082] helo=mail-gy0-f170.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 02/B5-00290-BA4978F4 for ; Thu, 12 Apr 2012 22:51:23 -0400 Received: by ghbg2 with SMTP id g2so1640795ghb.29 for ; Thu, 12 Apr 2012 19:51:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date :x-google-sender-auth:message-id:subject:to:cc:content-type :content-transfer-encoding; bh=na6j5v8nglcrSoHb1sbXFTFGp8NiuOzmE2MefZep33I=; b=FzSdMlBsFQUe7fGqayHGpnAyzZkD3Jx9pW/6qi/wN+ayk8M1RTw6Q1Z5P2bFtuIQxt /MO6BReApPnsCMjGiuhgzpEiyh7xQY7MeO3So6FAQOgKXk4p1IOMzN1Vuc7CCgYYgt5j VgMdSDZihF+cpG5bMAYGI2qgnDZ6oeEYkLJHkQwQgfudrl7pKV7VOm2aPca8xNdSnsBQ PP9B0aokh8rP76T9xE3T3A4cD7kIsNrYnHOU/Ao+R25kdwESFE+CLtE7dhHNkOf2pmJF ta9oaA7Muwna0vqKlbo+eFCZR4lgQpQQtTDk05xCIzNdKcXJX/z00R7oh75n8V4psv1n 5QoQ== Received: by 10.236.170.197 with SMTP id p45mr217447yhl.86.1334285480621; Thu, 12 Apr 2012 19:51:20 -0700 (PDT) MIME-Version: 1.0 Sender: yohgaki@gmail.com Received: by 10.146.86.14 with HTTP; Thu, 12 Apr 2012 19:50:40 -0700 (PDT) In-Reply-To: <4274B530-5FB8-4292-9262-37044CF98B8B@punkave.com> References: <4F8539E0.1090701@sugarcrm.com> <4F859063.1010401@lerdorf.com> <4F862AAC.90003@lerdorf.com> <4F86761A.9010801@lsces.co.uk> <4F876E36.1020400@gmail.com> <4F87799D.4060601@sugarcrm.com> <4274B530-5FB8-4292-9262-37044CF98B8B@punkave.com> Date: Fri, 13 Apr 2012 11:50:40 +0900 X-Google-Sender-Auth: Gk8mrnEOC8PzYP-vTS2RCjrNNF4 Message-ID: To: Tom Boutell Cc: Stas Malyshev , PHP internals Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] Re: Disabling PHP tags by php.ini and CLI options From: yohgaki@ohgaki.net (Yasuo Ohgaki) Hi, 2012/4/13 Tom Boutell : > If this is a pecl module library developers cannot use it and trust that = on php 5.n, it just works. That would fork the language in an undesirable w= ay. It should be a core feature, no ini flag, no sometimes-there module. > We are saying not into core. Implement it as PECL see if it is widely used or not. I think this will be an interesting experiment. If it's worth, framework developers will adopt it, since they can easily write compatible user function. function script($file) { return include($file); } The reason I didn't recommend to write your own parser is APC or other similar modules. Modules that require to override default parser may not work if you wrote your own. If it cannot work with them, it would be difficult for many frameworks to adopt. It's easy module to write. Try and see what happens! Regards, -- Yasuo Ohgaki yohgaki@ohgaki.net > Sent from my iPhone > > On Apr 12, 2012, at 10:00 PM, Yasuo Ohgaki wrote: > >> Hi, >> >> 2012/4/13 Yasuo Ohgaki : >>> Hi, >>> >>> 2012/4/13 Stas Malyshev : >>>> Hi! >>>> >>>>> If I exclude current code, then introducing script only include will = be >>>>> preferred one. I preferred dedicated statement for it though. >>>>> >>>>> include >>>>> include_once >>>>> require >>>>> require_once >>>>> script >>>>> script_once >>>> >>>> I have a thought here. To implement script/script_once you don't need = it >>>> to be a language construct. A function would do just as fine. Why not >>>> make an extension having these two functions, put it on PECL and see i= f >>>> people will be using it? >>>> For extreme adopters, you could even make php.ini switch that override= s >>>> include/require and redirects them to your script functions. Shouldn't >>>> be impossible to do, I think. >>> >>> Good idea. >>> >>> I think it's possible as a Zend engine module. It may be possible >>> as normal module if compiler hook can be used. I guess it is now. >>> >>> It provides optional security by accident. (Someone called =A0LFI synta= x >>> error an accident and I like it) I wish the other RFC author >>> implement this. >>> >>> Regards, >> >> I just briefly read tokenizer code. >> We can simply scan tokens and validate then executes. >> So it's a very simple module to write. >> >> Regards, >> >> -- >> Yasuo Ohgaki >> yohgaki@ohgaki.net >> >> -- >> PHP Internals - PHP Runtime Development Mailing List >> To unsubscribe, visit: http://www.php.net/unsub.php >>