ID:               43901
 User updated by:  t03 at springtimesoftware dot com
 Reported By:      t03 at springtimesoftware dot com
 Status:           Open
 Bug Type:         Feature/Change Request
 Operating System: Irrelevant
 PHP Version:      5.2.5
 New Comment:

In case anyone else reads this and needs a workaround, here is a function
to expand any embedded variables of the form "$name" found inside a
given string. Note: this uses the global scope, even if called from
inside a function.

// Expand global variables if found in a string
// ExpandVars ver=1/24/08

// Callback for preg_replace_callback: $M[1] is the variable name without "$"
function ReplaceVarCallback($M)
        {
        if (!isset($GLOBALS[$M[1]]))
                die("Variable \"" . $M[1] . "\" is undefined.");
        return $GLOBALS[$M[1]];
        } // ReplaceVarCallback

// Repeat the substitution until the string stops changing, so that values
// which themselves contain "$name" are expanded as well
function ExpandVars($Str)
        {
        for (;;)
                {
                $Res=preg_replace_callback('#\$([A-Za-z_][A-Za-z0-9_]*)#',
                        "ReplaceVarCallback",$Str);
                if ($Res==$Str)
                        break;
                $Str=$Res;
                }
        return $Str;
        } // ExpandVars


Previous Comments:
------------------------------------------------------------------------

[2008-01-21 01:56:50] t03 at springtimesoftware dot com

Description:
------------
(Note: This feature request is similar to some existing ones, but
provides much clearer explanation, motivation, and details. I hope it
will be considered on its own and that this proposal gets elevated to
the PHP design team for serious consideration.)

In PHP, string literals that are specified using quotation marks (") or
HEREDOC syntax are implicitly expanded in several ways, including
translation of backslash-escaped characters and substitution of the
actual values of variables, as indicated by leading left brace or dollar
signs.

There are many common programming situations where a string contains
backslash sequences or variables that need to be expanded in this way,
such as when the string is read in from a text file.

The most frequent solution adopted by PHP programmers is a simple use
of the eval function. However, this solution represents a large security
risk if the string to be expanded comes from an external and possibly
malicious user, since such a string can contain arbitrary code that will
be executed by the eval function.

There are many safe solutions, including the use of the str_replace
function in a loop to expand each possible variable.

However, all these solutions involve inefficient and error-prone coding
that could be avoided simply by exposing the Zend mechanism used in the
implicit expansion of string literals. The mechanism is already there;
it merely needs to be exposed to the programmer.

Therefore, I hereby request that the PHP team consider adding a new
function to PHP that would expand a given string as is done in the
implicit expansion of string literals, returning the expanded string. I
leave it up to the team to determine the specifics (the name of the
function and possible flags to limit the expansion to certain kinds,
such as backslash-escaped characters and variables).

The PHP team has made many intelligent decisions throughout the history
of the development of PHP, including adding new and useful functions. I
hope they will consider my proposal seriously, forgiving me if I have
made mistakes or overlooked something that I should have
considered.

David Spector
Springtime Software


Reproduce code:
---------------
(Note: this is not a bug report, but a new feature request.)



------------------------------------------------------------------------
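
The workaround in the new comment resolves names against $GLOBALS and rescans its own output, so a template from an untrusted source can reach any global variable, which is the same class of exposure the description raises for eval. The sketch below is an added example, not code from the bug report or from PHP itself: it expands "$name" against an explicit array in a single pass. The function name, sample variables and the requirement for PHP 7 or later are assumptions.

```php
<?php
// Added example, not code from the bug report; all names are hypothetical.

/**
 * Expand "$name" placeholders using only the caller-supplied $vars array.
 * The template is scanned once, so substituted values are never re-expanded.
 */
function expand_template(string $template, array $vars): string
{
    $pattern = '/\$([A-Za-z_][A-Za-z0-9_]*)/';
    $out = preg_replace_callback(
        $pattern,
        function (array $m) use ($vars): string {
            $name = $m[1];
            // Unknown names are an error, not a lookup in a wider scope.
            if (!array_key_exists($name, $vars) || !is_scalar($vars[$name])) {
                throw new InvalidArgumentException("Placeholder not allowed: $name");
            }
            return (string) $vars[$name];
        },
        $template
    );
    if ($out === null) {
        throw new RuntimeException('preg_replace_callback failed: ' . preg_last_error());
    }
    return $out;
}

// Constructed sample data.
$GLOBALS['db_password'] = 'example-secret';   // a global the template must not reach
$vars = ['user' => 'alice', 'note' => 'see $db_password'];

// The value of $note contains "$db_password" but is inserted literally.
echo expand_template('Hello $user, note: $note', $vars), "\n";

// A template that names a variable outside the allowlist is rejected.
try {
    echo expand_template('Leak: $db_password', $vars), "\n";
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Throwing instead of calling die() lets the caller decide how to handle a bad template, and the single pass also removes the endless loop that two variables referring to each other would cause in a rescanning expander.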

