This is a security standard that is already inherent in the current phps version. It is also not the job of PHP to save people from themselves. If we do that, why don't we just make php closed source and have some proprietary byte-code compiler?
There's no way to inherently know where password fields are in these functions from within the parser and, since these are even EXTENSIONS of PHP (which is an extension of Zend), I think it's kinda bad form to put extended extension requirements in the engine. This isn't something that has ever been (or probably ever will be) worried about. If it was a problem, we wouldn't have phps or highlight_file() in the first place. I mean: newbies could also forget <?php or decide they don't want short tags turned on and have their "PHP" code echoed into the HTML, but this is hardly thought of. What Yasoui (sp? sorry, I don't have your name in front of me right now, and I don't remember the spelling off hand... :-\) is talking about is (what I think) a bug in his own PHP build. In reference to needing <table> -- it just makes the code prettier and non-reliant on hard-coded numbers (especially without a lack of knowledge of how many lines are in the script at parse begin, which is something that will never be implemented due to the fact that it is unnecessary and takes time). Granted, it does add some client-side rendering issues, but all-in-all, I believe it's better than with a giant <code> block. It doesn't cause any significant slow down in the parser output (other than the fact that more data needs to be sent out). If data is a problem, just don't use the line numbers. The old version still hasn't changed in output (it's still also not readable source, hehe). I *do* think that line numbers being linked like lxr.php.net is a good idea and is a really easy thing to code. +1's? However, turning it on based on linking to a numbered link isn't a great idea as links with # are much more common than people using ?HIGHLIGHT_FORMAT. There's no way to get the numbered output in the binary version because of this relying on a server-parsed query string, but who highlight_file()s a shell script? Other ideas/requests/comments/whatever you have? Met vriendelijke groeten, Devon H. O'Dell sitetronics.com Original Message: ----------------- From: Adam Voigt [EMAIL PROTECTED] Date: 19 Sep 2002 13:10:14 -0400 To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [PHP-DEV] Thread Reading Newbie's or people seeking help with bad security standards, could give away the password to there SQL server, etc. Maybe the phps parser or whatever it's called should automatically *** out the password fields of all the db, ftp, etc. calls. Adam Voigt [EMAIL PROTECTED] On Thu, 2002-09-19 at 13:05, Zeev Suraski wrote: > At 12:27 19/09/2002, Yasuo Ohgaki wrote: > >Dan Hardiker wrote: > >>We are dealing with *idiots* here. Their CODE doesnt work, they are > >>*learning* PHP, they want help on their *non-functional* code, easily, > >>simply and quickly. > >>We can already say "put this in a .php file then give us the URL to it" > >>and cut n paste them a short script which will show_source their script. > >>However this is TOO MUCH for most newbies and people I encounter daily in > >>#php on dal.net - now if I asked them for a URL to their script, they give > >>me http://whatever.com/script.php so I can see the error in action - I > >>tell them "ok, rename it to phps". Voila - I get the source. > >>THIS is where phps is SO useful. > > > >I'm not insisting we should remove phps, but discourage use of it :) > > Can you explain why? > > Zeev > > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
