On Wed, Apr 24, 2019 at 12:06 PM Mark Randall <mar...@gmail.com> wrote:
> On 24/04/2019 15:35, Chase Peeler wrote:
> >> Total files scanned: 20,767
> > Total lines scanned: 4,013,170
> > Total short open tag references: 6,787
> > Total files w/ short open tag references: 1,665
>
> 1. Open project in PHPStorm (or equivalent).
>
> 2. Run inspections.
>
> 3. Click convert short open tags.
>
> As I've mentioned in other posts, I don't trust this to do a blind
find/replace. Some of our legacy code files are REALLY bad. Just doing auto
formatting on them in PhpStorm will break things.
> Personally I prefer the shorter look of "<? if(...) { ?>" when writing
> templates, but not enough to be up in arms about its removal.
>
> I personally don't like using short tags. I haven't used them since there
was a rumor they would be removed in PHP 6. My objections have nothing to
do with me personally wanting to keep using short tags.
> If anything I'm more concerned about potential code + data leaks.
>
> One of my major concerns as well. I find it ironic that one of the
justifications for the RFC was the potential for code leaks if code with
short open tags is used in an environment where short open tags are
disabled. The solution to that was to guarantee that code with short open
tags will leak code.
> Something which was previously perfectly legitimate code, no longer
> being considered code, could be quite the problematic situation...
> especially if that code happened to be protective logic such as "if"
> statements.
>
> Exactly my point. Much of our legacy code is left alone as much as
possible. We go in there when absolutely necessary due to functional
changes in our applications. This change forces us to go in there for
changes that don't relate to application functions and don't provide any
meaningful enhancement to the language itself, either.
> <? if ($admin) { ?>
> User secret: <?= htmlspecialchars($secret) ?>
> <? } ?>
>
> I would have preferred that the parser encountering <? threw a compile
> error for quite some time rather than just magically ceasing to be
> relevant.
>
> I agree. I think showing a blank page would be better than leaking code.
> The XML argument holds no weight with me.
>
> Me either. I definitely don't think it is serious enough to justify the BC
break given that it can be easily worked around.
> --
> Mark Randall
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Chase Peeler
chasepee...@gmail.com
