Hi!
For me the largest issue is infact late enabling of short tags at run time.
The issue tracks down to the issue where peole might use code that enables
short open tags but forgets to disable that. Now why might I rely on short
I think this case is very unlikely. The use case for this feature is
template system, written in long-tags style, but using short-tags
notation for PHP templates. To compare:
My name is <?= $name ?> and I am <?= $age ?> years old.
My name is <?php echo $name; ?> and I am <?php echo $age; ?> years old.
I think there's little doubt people - especially non-programmer people
like designers - would have much less trouble understanding and writing
first notation than second notation. If you compare larger, more complex
templates, the difference in readability is even bigger. And having code
easy to work with is one of the reasons people do PHP.
Now, in a template system, it is really hard to imagine that template
system creator would be so sloppy as to intend to write code like:
setShortTags();
include $user_template;
resetShortTags();
and somehow "forget" to write the last function. That would require
extreme absent-mindedness on developer's part and you definitely should
steer clear of template systems written by such people. However, for
real template systems I know - they are written by very smart people,
and actually these people support this capability, as it allows them to
use nice syntax in templates without requiring any system configuration
(which may be unavailable or incompatible with other code).
open tags being disabled is another question of course. Years ago when we
This is very important question, since the only known case of why it
might be important is when you use XML as template by including it
directly through PHP parser. I don't think I would be mistaken if I say
this is extremely rare use case. Actually, I'm not sure there's even one
of common applications - like known CMSes, frameworks, blog platforms,
e-commerce platforms, etc. - that can not work with short tags. Can you
name which ones can't?
Again, I consider the concept of "accidentally enabling" sort tags very
improbable, but even if it somehow happened - IMO it would not be a
problem except in some very rare use cases.
last discussed whether we should discourage them the conclusion was that
not many people rely on them being off. Today many people have php code
And if you look at the discussion, there were opinions - including
Zeev's - that there's nothing wrong with shorts tags in general, only in
some rare use cases.
short syntactical sugar when all it does is saving keystrokes. With short
open tags the argument usually simply is that '<?=$bla?>' is shorther than
writing '<?php echo $bla:?>'. But then again the former is much harder to
spot in manual written code. And for generated code it doesn't matter at
I have hard time figuring out a use case when you need to "spot" this in
your code - and, indeed, have one in your code at all, unless it is a
template. In a template, <?= is much better and with any decent editor,
very easy to spot.
all. That said I am against short open tags. And given my first part. I do
not want to deal with code that does 'php_ini_set("short_open_tags", 0);'
after every single include or require statement.
You do not need to deal with this code, and there's absolutely no reason
to do it. Only case when you may need to do it if you include *hostile*
code - i.e. code that can intentionally try and screw up your
environment. In this case, this code might do much worse things than
screw with your short tags setting, which in 99.99% of cases wouldn't do
anything - that code might drop your include path, unset your variables,
close your files and DB connections, reset your memory limit and
execution time to very low values, rewire charsets on input and output,
install any kinds of stream filters, turn on magic quotes, and do a ton
of other very bad things like messing with your file system and what
not. Still all those variables and settings are user-accessible. And you
are not worried about restoring your include path or resetting your
magic quotes or memory limits after each include.
And on top of that - if you are still concerned, you always could do
php_admin_value which IIRC blocks setting values by user.
--
Stanislav Malyshev, Zend Software Architect
[EMAIL PROTECTED] http://www.zend.com/
(408)253-8829 MSN: [EMAIL PROTECTED]
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php