Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94351 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 32296 invoked from network); 1 Jul 2016 08:51:59 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 1 Jul 2016 08:51:59 -0000 Authentication-Results: pb1.pair.com smtp.mail=michael.vostrikov@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=michael.vostrikov@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.182 as permitted sender) X-PHP-List-Original-Sender: michael.vostrikov@gmail.com X-Host-Fingerprint: 209.85.220.182 mail-qk0-f182.google.com Received: from [209.85.220.182] ([209.85.220.182:34010] helo=mail-qk0-f182.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 86/E0-23765-E2F26775 for ; Fri, 01 Jul 2016 04:51:58 -0400 Received: by mail-qk0-f182.google.com with SMTP id t127so190699682qkf.1 for ; Fri, 01 Jul 2016 01:51:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ojVyQFmh/4hUe2XKlGAX9J+bz4Y1Wzr8uEGVR3p+JCg=; b=xcEXBhtC0QmRfvUMF5sCmQymlpBcV6SPz7zH5A4tYjAyr8Fy/u+ArogZOW1wkAHvvF oY6+Md/tu4konlbbkI/Vp/UHx8OjO0EA3HgSmykWVgwqhWzIUAixmrk6XhsdPvdG2fPB 4DX/zeG7iNtv34or7Y8tQ616nuZzaF2EylqB/oLpWxEIDWASEHmzpkLlpkqMe5PfhacZ MQ1FfQ1EChPDebEwkVGBFbM5Dyy+lHXS0xYclotrXlAHys+73n11uOGloruR6me7yLUE 5yokGxeJvhA12MflYApznIn9mJ/eDSy7B5yWWOlm/tiCudbd22QWarO0efoI7KLByCaQ psAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ojVyQFmh/4hUe2XKlGAX9J+bz4Y1Wzr8uEGVR3p+JCg=; b=NyH80/dCH7xdln8iPqI5oqCOxKhRKym1XCIuhSCszmpxzjbMEFevLyznsCgqhhKiOM TheKUaLlvMLyeJ12Ux24B6Us03pshqoBIoqend5Ide4YqBca6fMjt7cEjh0ZW9e8civg ZXyUUpXl69W5V3yVBppBLsBvVsyvwmNl4IK1n/ly+bOZAwi6JlHvWcWJwK/BTjDe/5F1 zDd058c46d/IHQSDJqygsc2GhPBBOtD82m25+fOM0HY6NlQZ9AhOIvR3DffB1xM8x+xv QbIc4QZkcuIseO/WnQZXCD2/w4MoDLWD0wVrTya239VAmSo3Pw/ni4NQ74wuXLfSQCG4 uTWQ== X-Gm-Message-State: ALyK8tLWcg1a3HAzBB9z7GleFOB8NJCGsszkWNdhQdBKwlodH6vkUhGF/1Cu67xuH/wqkA8yI8dzo+5iY6RheA== X-Received: by 10.55.122.69 with SMTP id v66mr26318896qkc.26.1467363115099; Fri, 01 Jul 2016 01:51:55 -0700 (PDT) MIME-Version: 1.0 Received: by 10.55.53.71 with HTTP; Fri, 1 Jul 2016 01:51:53 -0700 (PDT) In-Reply-To: <7fb2d4d0-551e-97a0-72cd-1b6401881f97@fischer.name> References: <20160620222835.BC26C1A80609@dd1730.kasserver.com> <14352177-1b49-e2ed-56a3-9a770d0ebf95@gmail.com> <7fb2d4d0-551e-97a0-72cd-1b6401881f97@fischer.name> Date: Fri, 1 Jul 2016 13:51:53 +0500 Message-ID: To: Markus Fischer Cc: PHP Internals Content-Type: multipart/alternative; boundary=94eb2c065bfe3b6cbf05368f192b Subject: Re: [PHP-DEV] New escaped output operator From: michael.vostrikov@gmail.com (=?UTF-8?B?0JzQuNGF0LDQuNC7INCS0L7RgdGC0YDQuNC60L7Qsg==?=) --94eb2c065bfe3b6cbf05368f192b Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable > I can easier add a new template to e.g. a Laravel > project (own parser, own extension, living next to existing blade templates) Your project already has a template engine, and framework has common code which works with such engines. But how much time do you need to convert all existing templates to a new TE= ? I mean the projects without template engine, which work and are developed every day. Their number is rather large - various CMSs, projects with custom core, Yii and Zend don't have TE by default. In a big project there are a lot of PHP templates with or or everywhere. If we miss this somewhere, we could got an XSS. 2016-07-01 12:53 GMT+05:00 Markus Fischer : > On 01.07.16 05:34, =D0=9C=D0=B8=D1=85=D0=B0=D0=B8=D0=BB =D0=92=D0=BE=D1= =81=D1=82=D1=80=D0=B8=D0=BA=D0=BE=D0=B2 wrote: > > Because it is almost impossible to add template engine in a big project > > with PHP templates. But new version of language usually can easily be > used. > > I interpret "But new version of language usually can easily be used" as > in a new PHP version being installed on a server touted as being > "easier" than changing/replaced/adding a new template language component > with a framework? > > I object to this. I can easier add a new template to e.g. a Laravel > project (own parser, own extension, living next to existing blade > templates) then switching to a new PHP version on production servers. > > - Markus > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > --94eb2c065bfe3b6cbf05368f192b--