Hi internals,
As mentioned in https://bugs.php.net/bug.php?id=77378, we currently have
inconsistent defaults for the short_open_tag ini option. While this option
is disabled both in php.ini-production and php.ini-development, the default
(without ini) is enabled, unless --disable-short-open-tag
Rasmus Lerdorf:
You can also choose to never store the raw single quote and always work
with encoded data. Or, as I suggest, always filter it by default and in
the places where you want the raw quote back or you want it filtered for
a specific use, specify explicitly which filter you want
wrote:
-Original Message-
From: Stanislav Malyshev [mailto:[EMAIL PROTECTED]
Sent: 26 March 2008 20:28
To: Lukas Kahwe Smith
Cc: Derick Rethans; Marcus Boerger; Hannes Magnusson; PHP Internals
Subject: Re: [PHP-DEV] short_open_tag
Hi!
do note that we have increasingly
On Fri, 21 Mar 2008, Stanislav Malyshev wrote:
But maybe the change is that now it is considered evil by an even larger
amount of people.
So far I saw four. I do not double I can find 5 people that like templates
with short tags.
I don't think I've ever said I don't like short tags. It's
Hi!
I don't think I've ever said I don't like short tags. It's not the issue
here. The issue is that allowing to change it during runtime adds more
WTF to PHP. WTF factors are bad.
OK, there were people saying short tags are mortal sin, devil's device
to lure pure souls into the hell and
On Wed, Mar 26, 2008 at 8:55 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
Hi!
I don't think I've ever said I don't like short tags. It's not the issue
here. The issue is that allowing to change it during runtime adds more
WTF to PHP. WTF factors are bad.
OK, there were people
On 26.03.2008, at 20:55, Stanislav Malyshev wrote:
Hi!
I don't think I've ever said I don't like short tags. It's not the
issue here. The issue is that allowing to change it during runtime
adds more WTF to PHP. WTF factors are bad.
2. For any code messing with this value - and this
You do know that having short tags enabled will result in a parse
error in the following situation, right?:
Yes, I do know. In fact, I mentioned this knowledge in virtually every
email on the subject. Your point being?
idea ever - but I still think it'll just create more wtf then
necessary.
Hi!
do note that we have increasingly large numbers of way to jump out of
the scope (exceptions, recoverable errors). this obviously makes these
kinds of cleanups potentially easier to forget.
You'd need to catch and process exceptions anyway, and recoverable
errors, as far as I understand,
On Wed, Mar 26, 2008 at 9:25 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
I will repeat it as many times as necessary:
1. This situation can happen only if you have written very buggy
template code - there exists no such code right now and one has to be
rather sloppy to create such
On Wed, Mar 26, 2008 at 9:39 PM, Hannes Magnusson
[EMAIL PROTECTED] wrote:
On Wed, Mar 26, 2008 at 9:25 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
I will repeat it as many times as necessary:
1. This situation can happen only if you have written very buggy
template code - there
Hello Hannes,
Wednesday, March 26, 2008, 9:41:31 PM, you wrote:
On Wed, Mar 26, 2008 at 9:39 PM, Hannes Magnusson
[EMAIL PROTECTED] wrote:
On Wed, Mar 26, 2008 at 9:25 PM, Stanislav Malyshev [EMAIL PROTECTED]
wrote:
I will repeat it as many times as necessary:
1. This situation can
-Original Message-
From: Stanislav Malyshev [mailto:[EMAIL PROTECTED]
Sent: 26 March 2008 20:28
To: Lukas Kahwe Smith
Cc: Derick Rethans; Marcus Boerger; Hannes Magnusson; PHP Internals
Subject: Re: [PHP-DEV] short_open_tag
Hi!
do note that we have increasingly large
Jared Williams schrieb:
ul
? foreach ($items as $item): ?
li?=htmlspecialchars($item)?/li
? endforeach ?
/ul
Well, it's the same as the but i can't validate my php source with
xmllint folks: You're doing it at the wrong point. Escaping should
happen at the point where you assign the var as a
-Original Message-
From: Stefan Walk [mailto:[EMAIL PROTECTED]
Sent: 23 March 2008 11:08
To: Jared Williams
Cc: 'PHP Internals'
Subject: Re: [PHP-DEV] short_open_tag
Jared Williams schrieb:
ul
? foreach ($items as $item): ?
li?=htmlspecialchars($item)?/li
? endforeach
Hello Jared,
Sunday, March 23, 2008, 1:57:20 PM, you wrote:
-Original Message-
From: Stefan Walk [mailto:[EMAIL PROTECTED]
Sent: 23 March 2008 11:08
To: Jared Williams
Cc: 'PHP Internals'
Subject: Re: [PHP-DEV] short_open_tag
Jared Williams schrieb:
ul
? foreach ($items
Hi Rasmus,
On 03/23/2008 03:32 PM, Rasmus Lerdorf wrote:
This is what the filter extension is for. You should be working with
escaped data by default and only poke a hole in your data firewall in
the few places where you need to work with the raw data. Doing it the
other way around is
Soenke Ruempler wrote:
Hi Rasmus,
On 03/23/2008 03:32 PM, Rasmus Lerdorf wrote:
This is what the filter extension is for. You should be working with
escaped data by default and only poke a hole in your data firewall in
the few places where you need to work with the raw data. Doing it the
Hi Rasmus,
On 03/23/2008 04:14 PM, Rasmus Lerdorf wrote:
It is, but it is magic_quotes done right. You apply a really strict
filter that makes your data safe for display and your backend by
default. The only place you can reliably do this this is at the point
the data enters your system.
Rasmus Lerdorf:
Soenke Ruempler wrote:
Hi Rasmus,
On 03/23/2008 03:32 PM, Rasmus Lerdorf wrote:
This is what the filter extension is for. You should be working with
escaped data by default and only poke a hole in your data firewall in
the few places where you need to work with
Soenke Ruempler wrote:
Hi Rasmus,
On 03/23/2008 04:14 PM, Rasmus Lerdorf wrote:
It is, but it is magic_quotes done right. You apply a really strict
filter that makes your data safe for display and your backend by
default. The only place you can reliably do this this is at the point
the
Wietse Venema wrote:
Rasmus Lerdorf:
Soenke Ruempler wrote:
Hi Rasmus,
On 03/23/2008 03:32 PM, Rasmus Lerdorf wrote:
This is what the filter extension is for. You should be working with
escaped data by default and only poke a hole in your data firewall in
the few places where you need to
Jared Williams schrieb:
A lot of people don't use templates, just raw PHP. So having a short tag
escaping would decrease XSS vulnerabilities.
Well, i don't think that would be wise, because then you'd have to watch
if you're inside ?= or ?(php)? ...
I don't understand why need to
Stefan Walk wrote:
Rasmus Lerdorf schrieb:
It is, but it is magic_quotes done right. You apply a really strict
filter that makes your data safe for display and your backend by
default. The only place you can reliably do this this is at the point
the data enters your system. Once it is in,
Rasmus Lerdorf schrieb:
The alternative of relying on the developer remembering to filter simply
doesn't work. Wietse's taint mode is another approach, but it has
performance implications.
As I said, when the backend does the escaping, you don't have to
remember it.
filtering would fix,
Stefan Walk wrote:
Rasmus Lerdorf schrieb:
The alternative of relying on the developer remembering to filter
simply doesn't work. Wietse's taint mode is another approach, but it
has performance implications.
As I said, when the backend does the escaping, you don't have to
remember it.
Rasmus Lerdorf wrote:
Well, I actually have years of experience taking apps and making them
run under my strict default filter. And it tends to not be very many
changes, if any at all. In the O'Reilly case it gets changed to
O#39;Reilly which for a pure web app is fine. If all input
Edward Z. Yang wrote:
Rasmus Lerdorf wrote:
Well, I actually have years of experience taking apps and making them
run under my strict default filter. And it tends to not be very many
changes, if any at all. In the O'Reilly case it gets changed to
O#39;Reilly which for a pure web app is fine.
Rasmus Lerdorf schrieb:
Well, I actually have years of experience taking apps and making them
run under my strict default filter. And it tends to not be very many
changes, if any at all. In the O'Reilly case it gets changed to
O#39;Reilly which for a pure web app is fine. If all input
Stefan Walk wrote:
Rasmus Lerdorf schrieb:
Well, I actually have years of experience taking apps and making them
run under my strict default filter. And it tends to not be very many
changes, if any at all. In the O'Reilly case it gets changed to
O#39;Reilly which for a pure web app is fine.
Rasmus Lerdorf wrote:
Sure, although if you are going to store the raw, I think it is
pointless to store the escaped version.
Yeah, I was thinking more of escaping data that is computationally
expensive; such as bbcodes or wikitext = HTML.
I am not advocating storing it either way, I am
Edward Z. Yang wrote:
Rasmus Lerdorf wrote:
Sure, although if you are going to store the raw, I think it is
pointless to store the escaped version.
Yeah, I was thinking more of escaping data that is computationally
expensive; such as bbcodes or wikitext = HTML.
I am not advocating storing
Rasmus Lerdorf wrote:
The best you can
do is provide sensible default actions and make sure people realize that
it isn't the entire solution. But I don't think throwing our hands in
the air and doing nothing to help the developers is the answer just
because there are such contexts that can't
Well, it's the same as the but i can't validate my php source with
xmllint folks: You're doing it at the wrong point. Escaping should
happen at the point where you assign the var as a temlate var (in my
I'd be happy though if we left escaping aside and concentrated on the
matter of short
On Fri, Mar 21, 2008 at 5:14 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
Can you produce any example of
application or other real code that would silently misbehave with short
tags on but behave OK with short tags off?
Embedding PHP in a SVG (XML) file to generate a batch of images with
Rasmus Lerdorf wrote:
There are a bunch of factors here. In the end it comes down to the
purists vs. the pragmatists. You all know where I fall on that one.
?php is for the purists and ? and ?= still exists for the pragmatists.
Now, someone mentioned ?php= which I am completely against as
Hi Ralph, Pierre, everybody,
Am Samstag, den 22.03.2008, 01:23 +0100 schrieb Pierre Joye:
On Sat, Mar 22, 2008 at 12:51 AM, Ralph Schindler [EMAIL PROTECTED] wrote:
Take this file:
?xml version=1.0 encoding=utf-8 ?
foo
? echo bar; ?
/foo
and run it through
Hi,
On Sat, Mar 22, 2008 at 1:09 PM, Lars Strojny [EMAIL PROTECTED] wrote:
Hi Ralph, Pierre, everybody,
Am Samstag, den 22.03.2008, 01:23 +0100 schrieb Pierre Joye:
On Sat, Mar 22, 2008 at 12:51 AM, Ralph Schindler [EMAIL PROTECTED] wrote:
Take this file:
?xml
Hi Lars,
On Sat, Mar 22, 2008 at 1:09 PM, Lars Strojny [EMAIL PROTECTED] wrote:
Providing the infrastructure to enable/disable short tags per runtime
allows people to better define their API, in this case the API for
templating as they can define the only point where one may use short
Hi Pierre,
Am Samstag, den 22.03.2008, 13:27 +0100 schrieb Pierre Joye:
[...]
It seems to be very hard to understand that it is not so simple. If
this feature is added, every library/module write will have to take
care of the short tags if they like to work smoothly in any unknown
Hello Pierre,
Am Samstag, den 22.03.2008, 13:17 +0100 schrieb Pierre Joye:
[...]
Read: Code validation (like in pre commit rules), is one common usage.
Where? I've just never seen any project that does XML validation on XML
templates as a pre-commit rule.
Think about xml being XML data or
Hello Lars, Stas,
you can already do all you want. We do not have to make it more complex
at all. Ini setting short_open_tags is defined as PHP_INI_PER_DIR, so all
you guys have to do is provide the right configuration, that's all. And if
you guys ship your templates then simply remember to
Hi,
On Fri, 2008-03-21 at 21:13 +0100, Marcus Boerger wrote:
Hello Stanislav,
Friday, March 21, 2008, 9:08:02 PM, you wrote:
However the '?echo' I mentioned would work. We could also go for something
like '?phpecho'. I for one would really appreciate it. And I would not
?phpecho is
Johannes Schlüter schrieb:
Now we have the big issue: Do we want to have short open tags forever?
Well, without tooo much thinking my idea would be to drop ? but keep
?=, ?= shouldn't conflict with ?xml tags in the same file, but
make it simple to do templating using PHP, on the other hand when
Stefan Walk wrote:
Johannes Schlüter schrieb:
Now we have the big issue: Do we want to have short open tags forever?
Well, without tooo much thinking my idea would be to drop ? but keep
?=, ?= shouldn't conflict with ?xml tags in the same file, but
make it simple to do templating using PHP,
Hello Gregory,
Sunday, March 23, 2008, 12:13:20 AM, you wrote:
Stefan Walk wrote:
Johannes Schlüter schrieb:
Now we have the big issue: Do we want to have short open tags forever?
Well, without tooo much thinking my idea would be to drop ? but keep
?=, ?= shouldn't conflict with ?xml tags
-Original Message-
From: Stefan Walk [mailto:[EMAIL PROTECTED]
Sent: 22 March 2008 22:52
To: 'PHP Internals'
Subject: Re: [PHP-DEV] short_open_tag
Johannes Schlüter schrieb:
Now we have the big issue: Do we want to have short open
tags forever?
Well, without tooo much
you can already do all you want. We do not have to make it more complex
at all. Ini setting short_open_tags is defined as PHP_INI_PER_DIR, so all
you guys have to do is provide the right configuration, that's all. And if
Ok, here we go again: this setting is needed to enable people to work
Hi Stas,
you can already do all you want. We do not have to make it more complex
at all. Ini setting short_open_tags is defined as PHP_INI_PER_DIR, so all
you guys have to do is provide the right configuration, that's all. And
if
Ok, here we go again: this setting is needed to enable
I see your point... but wouldn't it be better not to need that?
Johannes' idea seemed good to me, always assuming it's do-able.
Well, yes, it would indeed, but we have a lot of ?= templates now so
either we allow ?= on no-short-tags (if XML guys out there will be OK
with it I might be OK too,
Hi Stas,
1. Leave it as is and be in World of Configuration Pain (TM)
2. Allow ?= independent of short tags (my +1, dunno about XML templates
guys)
This is the way I understood Johannes' proposal - shoot me if I'm wrong here
Johannes.
But I don't have the means of testing to hand, so I'm
Stanislav Malyshev wrote:
I see your point... but wouldn't it be better not to need that?
Johannes' idea seemed good to me, always assuming it's do-able.
Well, yes, it would indeed, but we have a lot of ?= templates now so
either we allow ?= on no-short-tags (if XML guys out there will be OK
Oh and ps
1. Leave it as is and be in World of Configuration Pain (TM)
2. Allow ?= independent of short tags (my +1, dunno about XML templates
guys)
This is the way I understood Johannes' proposal - shoot me if I'm wrong
here Johannes.
But I don't have the means of testing to hand, so I'm
Hello Stanislav,
thanks for rewriting this.
Friday, March 21, 2008, 6:57:40 PM, you wrote:
Hi!
Forwarding this mail again since apparently many people missed it
previously. Please discuss.
Original Message
Subject: short_open_tag
Date: Fri, 07 Mar 2008 12:45:59
Hi!
For me the largest issue is infact late enabling of short tags at run time.
The issue tracks down to the issue where peole might use code that enables
short open tags but forgets to disable that. Now why might I rely on short
I think this case is very unlikely. The use case for this
Stanislav Malyshev kirjoitti:
I think this case is very unlikely. The use case for this feature is
template system, written in long-tags style, but using short-tags
notation for PHP templates. To compare:
My name is ?= $name ? and I am ?= $age ? years old.
My name is ?php echo $name; ? and I
I'd rather see ?php= than having this whole short_open_tag thing at all.
Does ?php= work? I though echo shortcut works only with short tags.
?php= is not much worse than ?= so it'd be OK with me. Downside would
be template systems couldn't use it until 5.3 is widely deployed - which
means no
Hello Stanislav,
Friday, March 21, 2008, 8:11:04 PM, you wrote:
Hi!
For me the largest issue is infact late enabling of short tags at run time.
The issue tracks down to the issue where peole might use code that enables
short open tags but forgets to disable that. Now why might I rely on
Hello Stanislav,
Friday, March 21, 2008, 8:37:18 PM, you wrote:
I'd rather see ?php= than having this whole short_open_tag thing at all.
Does ?php= work? I though echo shortcut works only with short tags.
?php= is not much worse than ?= so it'd be OK with me. Downside would
be template
On Fri, Mar 21, 2008 at 8:37 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
I'd rather see ?php= than having this whole short_open_tag thing at all.
Does ?php= work? I though echo shortcut works only with short tags.
?php= is not much worse than ?= so it'd be OK with me. Downside would
The first hits explain quite well why short_open_tag is bad, mmkay.
OK, let's see what we have there:
0. Support for my email, skipping.
1. The web is a rapidly changing market and standards are being
activley evolved. ?php is more compatable with standards on the web
than ? ... and its not
The main reason is that they are not valid processing instructions.
See http://www.w3.org/TR/REC-xml/#sec-pi
Great, they are also probably not valid S-expressions and not valid
phrases in Mandarin. Why they are bad because of that? Is there any
requirement for them to be?
--
Stanislav
However the '?echo' I mentioned would work. We could also go for something
like '?phpecho'. I for one would really appreciate it. And I would not
?phpecho is too long. Really, saving one space here isn't worth a
trouble. If we had something short and nice like ?= that'd be good and
would make
On Fri, Mar 21, 2008 at 9:02 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
No explanation why it shows lazyness or why it's bad except for
hinting it's somehow bad for handling XML (which it isn't).
See below.
Should I go deeper? Did we use the same search engine? I'm still missing
Hello Stanislav,
Friday, March 21, 2008, 9:05:17 PM, you wrote:
The main reason is that they are not valid processing instructions.
See http://www.w3.org/TR/REC-xml/#sec-pi
Great, they are also probably not valid S-expressions and not valid
phrases in Mandarin. Why they are bad because of
Nobody can set memory_limit in a script during runtime. AFAICT.
Why? It's INI_ALL. So is, for example, include_path.
Short tags are language SYNTAX issue. That's why it's different.
You don't get any plain error if they're on and something doesn't work.
It just doesn't work or misbehaves.
I gave you the link to one main explanation, the XML specs. Or what
else do you need to explain the problem in the XML context?
I need to explain why XML specs have any relevance to PHP syntax and why
PHP sources should conform to them. Are we coding in XML now? Is
everybody using an XML
Great, they are also probably not valid S-expressions and not valid
phrases in Mandarin. Why they are bad because of that? Is there any
requirement for them to be?
The argument being?
Why they are bad because of that? Is there any requirement for them to be?
--
Stanislav Malyshev, Zend
Hello Stanislav,
Friday, March 21, 2008, 9:08:02 PM, you wrote:
However the '?echo' I mentioned would work. We could also go for something
like '?phpecho'. I for one would really appreciate it. And I would not
?phpecho is too long. Really, saving one space here isn't worth a
trouble. If we
On Fri, Mar 21, 2008 at 9:05 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
The main reason is that they are not valid processing instructions.
See http://www.w3.org/TR/REC-xml/#sec-pi
Great, they are also probably not valid S-expressions and not valid
phrases in Mandarin. Why they are
Hello Stanislav,
lemme think, PHP is used to generate HTML and XHTML. And often people
have the headers outside of the PHP tags. And some people like to use tools.
But maybe I am wrong. Either way. It appears that nearly every single
person replying is against this. So can we please stop
The thing is that ?php echo would require a ; while ?phpecho wouldn't.
And if you ronly argument is saving a few keystrokes then we should really
get rid of short open tags completely. And definitively not making their
use easier.
It is easier to use templates with ?= ? then with full PHP
PHP works more and more in a multi cultural environment (php, jsp,
xml, etc.). One of the goals of a standard is to avoid conflicts,
Great. So let's see when there could be a conflict. Only way there could
be a conflict is when XML is included as PHP source. Now, how frequently
one really
There is also an issue when I want to verify my stuff using XML tools.
One can't really verify PHP code with XML tools, so what exactly are you
verifying - could you explain more on that?
--
Stanislav Malyshev, Zend Software Architect
[EMAIL PROTECTED] http://www.zend.com/
(408)253-8829
Hello Stanislav,
since when can I not verify that my general HTML/XHTML structure is valid?
This is especially valid in template systems as you mentioned earlier.
Because in fact PHP is a tmeplate system for HTML/XHTML after all. So as
long as I only do easy stuff and avoid generating tags
Hi!
since when can I not verify that my general HTML/XHTML structure is valid?
The question is since when PHP code has any XML structure?
This is especially valid in template systems as you mentioned earlier.
OK, so you are verifying templates. Great. Obviously, if you use XML
On Fri, Mar 21, 2008 at 8:11 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
And if you look at the discussion, there were opinions - including
Zeev's - that there's nothing wrong with shorts tags in general, only in
some rare use cases.
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.262r2=1.263
guess who made that commit...
I wish I remembered what the rationale for that was, but of course I
don't. Anyway, in 7 years there might be a bit of a change in how people
use PHP, and that of course doesn't support the point
On Fri, Mar 21, 2008 at 10:19 PM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.262r2=1.263
guess who made that commit...
I wish I remembered what the rationale for that was, but of course I
don't. Anyway, in 7 years there might be a
Hello Stanislav,
Friday, March 21, 2008, 10:11:24 PM, you wrote:
Hi!
since when can I not verify that my general HTML/XHTML structure is valid?
The question is since when PHP code has any XML structure?
This is especially valid in template systems as you mentioned earlier.
OK, so you
Yeah, there has been a huge change. A good chunk of that change is XML.
XML as parsing XML and working with DOM, not XML as putting XML
through PHP parser. It is very important to understand that no short
tags would ever cause you any problems with any XML *unless* you put
that XML through
Hello Stanislav,
Friday, March 21, 2008, 10:19:19 PM, you wrote:
http://cvs.php.net/viewvc.cgi/php-src/main/main.c?r1=1.262r2=1.263
guess who made that commit...
I wish I remembered what the rationale for that was, but of course I
don't. Anyway, in 7 years there might be a bit of a change
This was discussed several times already and Pierre put you directly onto
its definition. What more can we say? I think we have a valid technical
You obviously think so, but it doesn't automatically makes it valid.
Explaining again: PHP code needs to conform to XML standard *only* if
you have
But maybe the change is that now it is considered evil by an even larger
amount of people.
So far I saw four. I do not double I can find 5 people that like
templates with short tags. But anyway it doesn't matter much because
short tags are in PHP 5 and not going anywhere. So the question is
Hello Stanislav,
Friday, March 21, 2008, 9:37:51 PM, you wrote:
lemme think, PHP is used to generate HTML and XHTML. And often people
Neither of which require ?. HTML in fact doesn't support it even.
have the headers outside of the PHP tags. And some people like to use tools.
But maybe I
I haven't seen a single technical argument from your side.
That's just hilarious. I spend entire half-day repeating arguments about
XML and short tags and templates and users and what not - but why bother
if Marcus doesn't even read it? Well, I hope at least somebody reads it.
As for trying
Hello Stanislav,
well, any XML tool seeing '?=' or '? ' would error out as that is
invalid XML.
Friday, March 21, 2008, 10:26:52 PM, you wrote:
Yeah, there has been a huge change. A good chunk of that change is XML.
XML as parsing XML and working with DOM, not XML as putting XML
Take this file:
?xml version=1.0 encoding=utf-8 ?
foo
? echo bar; ?
/foo
and run it through xmllint.
Can we now stop this discussion and revert this patch?
Take this file:
?xml version=1.0 encoding=utf-8 ?
foo
?php echo bar; ?
/foo
and run it through your xmllint.
Passes right? Does
On Sat, Mar 22, 2008 at 12:51 AM, Ralph Schindler [EMAIL PROTECTED] wrote:
Take this file:
?xml version=1.0 encoding=utf-8 ?
foo
? echo bar; ?
/foo
and run it through xmllint.
Can we now stop this discussion and revert this patch?
Take this file:
?xml
On Sat, Mar 22, 2008 at 12:46 AM, Stanislav Malyshev [EMAIL PROTECTED] wrote:
I often use xmllint or other w3c tools to verify that my xml/xhtml
code is valid, before being parsed by php:
Right, so _you_ are using XML templates. Don't do short tags then. Many
other people, however, use
Hi Rasmus,
On Sat, Mar 22, 2008 at 1:20 AM, Rasmus Lerdorf [EMAIL PROTECTED] wrote:
Will actually do about the same thing in the sense that the top-level
script can run with short_open_tag turned off and the main.php script
can run with short_open_tag enabled. The first version requires
Elizabeth M Smith wrote:
Wow, noisy...
I've been in the situation where I use php for templating and the short
syntax is much nicer on the eyes. The ability to flick the switch for
short tags would be nice.
However, like Steph, I've also been bitten by having a simple xml
declaration in a
-Original Message-
From: Pierre Joye [mailto:[EMAIL PROTECTED]
Sent: Friday, March 21, 2008 8:30 PM
To: Rasmus Lerdorf
Cc: Elizabeth M Smith; internals@lists.php.net
Subject: Re: [PHP-DEV] short_open_tag
Hi Rasmus,
On Sat, Mar 22, 2008 at 1:20 AM, Rasmus Lerdorf [EMAIL
Hi Andrés/Rob,
as usual my are playing up so I'll use ==
=
I'm new to the internals, but I've been reading you for months... now, let
me
ask,
Are there any security issues with short tags?
Is it really harder for the interpreter to have them enabled?
Is the short tags
Hi!
I wonder - is there a reason why short_open_tag config value is per-dir
and not PHP_INI_ALL? After all, as I understand, it is private for each
compilation. So suppose you preferred it generally off (you do XML,
etc.) but you have some files in your app where you want it on - would
there
Hi Stas,
Am Freitag, den 07.03.2008, 12:45 -0800 schrieb Stanislav Malyshev:
[...]
I wonder - is there a reason why short_open_tag config value is per-dir
and not PHP_INI_ALL? After all, as I understand, it is private for each
compilation. So suppose you preferred it generally off (you do
96 matches
Mail list logo
