Re: [PHP] Is echo tag reasonably portable?
On 15 Nov 2005, at 19:53, Robin Vickery wrote: I doubt very much if they will be disabled. They are perfectly valid SGML processing instructions. Firstly, I didn't actually suggest they were disabled. I suggested that they should be off by default. Late to the party I know, but I think something has been missed here. Here's an excerpt from php.ini-recommended in a fresh download of PHP: ; Allow the ? tag. Otherwise, only ?php and script tags are recognized. ; NOTE: Using short tags should be avoided when developing applications or ; libraries that are meant for redistribution, or deployment on PHP ; servers which are not under your control, because short tags may not ; be supported on the target server. For portable, redistributable code, ; be sure not to use short tags. short_open_tag = Off Given most ISPs habit of leaving everything at defaults, I'd say this pretty much puts paid to using short tags. Admittedly it is on in php.ini-dist, but that's not recommended is it ;^) Marcus -- Marcus Bointon Synchromedia Limited: Putting you in the picture [EMAIL PROTECTED] | http://www.synchromedia.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Curt Zirzow wrote: On Tue, Nov 15, 2005 at 05:39:36PM +, Richard Davey wrote: Hi Jim, Tuesday, November 15, 2005, 5:25:58 PM, you wrote: I don't know, but those who do should not use short tags. And those who hope to should not get into the habit of using short tags. And for the vast majority remaining, who write closed-apps for clients?? It will be when you have to sort through 1,000,000 lines of code in 400 files to change '?' to '?PHP'. Better to save the grief and do it right to start with, no? There is no right or wrong for this, it's down to personal developer preference. Nothing more, nothing less. It's only right if you're building an app for distribution to unknown end-users. I don't think that covers the majority of work we all do here somehow. There is the issue if you are dealing with xml, consider php script is: ?xml version=1.0 encoding? ? echo $something_xml_ish ? which is exactly why ?php was born. indeed, but it seems to me that all writings on writing solid ('enterprise level'?) php code recommend with a capital R not to write your code embedded inline with you xml/xhtml/html/whatever because it's often brittle and very hard to maintain (read illegible). i.e. I think your mad if you have created 100 lines of XML liberally interspersed with php code. just a thought :-) Curt. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. I've seen this note. But I haven't seen a single server where short tags were disabled. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. they are correct - but I have never used a server that didn't allow short tags in practice. personally I say screw portability for the sake of readability/maintainability, besides short_open_tag is: PHP_INI_PERDIR 2 Entry can be set in php.ini, .htaccess or httpd.conf so you can always have you app init script (or tempalte class or whatever) set the setting how you want it. as always it up to you (Roman). -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Roman Ivanov wrote: Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. I've seen this note. But I haven't seen a single server where short tags were disabled. Look at any box I have set up. Not to mention the fact that chances are, you've probably only 'seen' a fraction of the existing php enabled web servers out there -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Is echo tag reasonably portable?
Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. I've seen this note. But I haven't seen a single server where short tags were disabled. Nor have I. However, if I use long tags, my script will *always* work. If I use short tags there is a *possibility* that it won't. So, when writing code that is required to be portable, there is no reason to ever use short tags. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Every server I work on is set to not allow short tags, and I work on about 7 different state, federal, and commercial ones. Some of them don't even read .htaccess files in the directories where my scripts reside, so trying that type of hack would get you booted. just my $.02 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
HI All, Every server I work on is set to not allow short tags, and I work on about 7 different state, federal, and commercial ones. Why turn off short tags? Does that make things more secure? Thanks, -- Leonard Burton, N9URK [EMAIL PROTECTED] The prolonged evacuation would have dramatically affected the survivability of the occupants. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Every server I work on is set to not allow short tags, and I work on about 7 different state, federal, and commercial ones. Why turn off short tags? Does that make things more secure? In some respects it does because it means shortcuts are not allowed, it also means that someone trying to hack through your site is going to be held to a higher standard (ASP tags are cut off as well, the only thing recognized and executed is PHP). Even CGI scripts reside in their own directory and are called/executed from others. for instance most of my scripts/functions are run from a /share/php/functions directory instead of from the spot on the server. Portability. :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Jim Moseby wrote: Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. I've seen this note. But I haven't seen a single server where short tags were disabled. Nor have I. However, if I use long tags, my script will *always* work. If I use short tags there is a *possibility* that it won't. So, when writing code that is required to be portable, there is no reason to ever use short tags. so how many people actually _need_ to write portable code? ok so many you are starting a project which will become a runaway success but until it starts receiving alot of attention use of short-open-tags is probably not your biggest issue either. lets assume that everyone should be writing completely portable apps, why does this ini setting exist? what is the point of offering a setting that can be set to a bad(tm) value by design? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Leonard Burton wrote: HI All, Every server I work on is set to not allow short tags, and I work on about 7 different state, federal, and commercial ones. Why turn off short tags? Does that make things more secure? Don't know if it makes it any more or less secure. I turn them off because I don't use them (I also disable quite a few functions that we don't use). Idea being that if it's not needed, don't make it available to be exploited (if an exploit exists now or in the future). -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On Tue, 15 Nov 2005, [EMAIL PROTECTED] wrote: In some respects it does because it means shortcuts are not allowed, it also means that someone trying to hack through your site is going to be held to a higher standard (ASP tags are cut off as well, the only thing Most PHP site exploits I've seen are written in Perl and do not run on the server being exploited. I've seen a few written in Python, but never have I seen one written in PHP or ASP. Short tags have nothing to do with security. -- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Is echo tag reasonably portable?
Jim Moseby wrote: Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. I've seen this note. But I haven't seen a single server where short tags were disabled. Nor have I. However, if I use long tags, my script will *always* work. If I use short tags there is a *possibility* that it won't. So, when writing code that is required to be portable, there is no reason to ever use short tags. so how many people actually _need_ to write portable code? I don't know, but those who do should not use short tags. And those who hope to should not get into the habit of using short tags. ok so many you are starting a project which will become a runaway success but until it starts receiving alot of attention use of short-open-tags is probably not your biggest issue either. It will be when you have to sort through 1,000,000 lines of code in 400 files to change '?' to '?PHP'. Better to save the grief and do it right to start with, no? lets assume that everyone should be writing completely portable apps, why does this ini setting exist? what is the point of offering a setting that can be set to a bad(tm) value by design? I don't know. A very good question for the PHP architects. :o) JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On 11/15/05, Jochem Maas [EMAIL PROTECTED] wrote: Jim Moseby wrote: Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. I've seen this note. But I haven't seen a single server where short tags were disabled. Nor have I. However, if I use long tags, my script will *always* work. If I use short tags there is a *possibility* that it won't. So, when writing code that is required to be portable, there is no reason to ever use short tags. so how many people actually _need_ to write portable code? ok so many you are starting a project which will become a runaway success but until it starts receiving alot of attention use of short-open-tags is probably not your biggest issue either. lets assume that everyone should be writing completely portable apps, why does this ini setting exist? what is the point of offering a setting that can be set to a bad(tm) value by design? Its just a best practice similar to setting error reporting to E_STRICT on development web servers. Why is it such a big deal anyhow, just type the three extra characters and get it over with. You could also use smarty to avoid putting PHP in your templates at all. I will throw in my vote for short open tags = off on the roughly 30 servers that I administer across various organizations. -Mike -- Michael E. Crute Software Developer SoftGroup Development Corporation Linux takes junk and turns it into something useful. Windows takes something useful and turns it into junk.
RE: [PHP] Is echo tag reasonably portable?
At 01:25 PM 11/15/2005, Jim Moseby wrote: Jim Moseby wrote: Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. I've seen this note. But I haven't seen a single server where short tags were disabled. Nor have I. However, if I use long tags, my script will *always* work. If I use short tags there is a *possibility* that it won't. So, when writing code that is required to be portable, there is no reason to ever use short tags. so how many people actually _need_ to write portable code? I don't know, but those who do should not use short tags. And those who hope to should not get into the habit of using short tags. ok so many you are starting a project which will become a runaway success but until it starts receiving alot of attention use of short-open-tags is probably not your biggest issue either. It will be when you have to sort through 1,000,000 lines of code in 400 files to change '?' to '?PHP'. Better to save the grief and do it right to start with, no? lets assume that everyone should be writing completely portable apps, why does this ini setting exist? what is the point of offering a setting that can be set to a bad(tm) value by design? I don't know. A very good question for the PHP architects. :o) JM Re 1,000,000 lines awk, sed, UltraEdit? Miles -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On Tue, Nov 15, 2005 at 05:39:36PM +, Richard Davey wrote: Hi Jim, Tuesday, November 15, 2005, 5:25:58 PM, you wrote: I don't know, but those who do should not use short tags. And those who hope to should not get into the habit of using short tags. And for the vast majority remaining, who write closed-apps for clients?? It will be when you have to sort through 1,000,000 lines of code in 400 files to change '?' to '?PHP'. Better to save the grief and do it right to start with, no? There is no right or wrong for this, it's down to personal developer preference. Nothing more, nothing less. It's only right if you're building an app for distribution to unknown end-users. I don't think that covers the majority of work we all do here somehow. There is the issue if you are dealing with xml, consider php script is: ?xml version=1.0 encoding? ? echo $something_xml_ish ? which is exactly why ?php was born. Curt. -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On 11/15/05, Jochem Maas [EMAIL PROTECTED] wrote: so how many people actually _need_ to write portable code? ok so many you are starting a project which will become a runaway success but until it starts receiving alot of attention use of short-open-tags is probably not your biggest issue either. I'm lazy. I prefer to do it right the first time so I don't have to go through thousands of lines of code correcting it. lets assume that everyone should be writing completely portable apps, why does this ini setting exist? what is the point of offering a setting that can be set to a bad(tm) value by design? Back-compatibility. Short tags were around before the long form and millions of scripts were already using them by the time the xml/xhtml issue became apparent. Security really doesn't have anything to do with this. Short tags have been deprecated for years. Both the manual and the php.ini file itself advise people not to use them. Personally I think it's about time they were turned off by default, but that's bound to annoy a lot of people who've ignored the warnings. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
Robin Vickery wrote: snip Short tags have been deprecated for years. Both the manual and the php.ini file itself advise people not to use them. Personally I think it's about time they were turned off by default, but that's bound to annoy a lot of people who've ignored the warnings. Hey, we need another 'register_globals' type flood of the mailing list again. ;) -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Robin Vickery wrote: On 11/15/05, Roman Ivanov [EMAIL PROTECTED] wrote: Can '?=' be used for templates, or is it a bad thing? The manual's reasonably explicit on the subject: Note: Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags. I've seen this note. But I haven't seen a single server where short tags were disabled. If you've seen this note, then why did you need to ask? It doesn't really matter whether you've seen a server where short tags are disabled, just the possibility that they won't work means they're not portable. Long tags always work. Many experienced sysadmins automatically disable everything that's not needed, and short tags definitely come under that heading. -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Is echo tag reasonably portable?
On Tue, 15 Nov 2005, Jim Moseby wrote: It will be when you have to sort through 1,000,000 lines of code in 400 files to change '?' to '?PHP'. Better to save the grief and do it right to start with, no? for file in *.php; do cp $file $file.tmp sed -e s/?$/?php/g $file.tmp $file rm $file.tmp done -- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On Nov 15, 2005, at 8:39 AM, Greg Donald wrote: On Tue, 15 Nov 2005, Jim Moseby wrote: It will be when you have to sort through 1,000,000 lines of code in 400 files to change '?' to '?PHP'. Better to save the grief and do it right to start with, no? for file in *.php; do cp $file $file.tmp sed -e s/?$/?php/g $file.tmp $file rm $file.tmp done ... Wouldn't catch this case: ? echo $foo ? -dan -- Black holes are where God divided by zero. -Steven Wright -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On 11/15/05, Greg Donald [EMAIL PROTECTED] wrote: On Tue, 15 Nov 2005, Jim Moseby wrote: It will be when you have to sort through 1,000,000 lines of code in 400 files to change '?' to '?PHP'. Better to save the grief and do it right to start with, no? for file in *.php; do cp $file $file.tmp sed -e s/?$/?php/g $file.tmp $file rm $file.tmp done eh, what? You only have '?' at the end of a line? -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Is echo tag reasonably portable?
On Tue, 15 Nov 2005, Jim Moseby wrote: It will be when you have to sort through 1,000,000 lines of code in 400 files to change '?' to '?PHP'. Better to save the grief and do it right to start with, no? for file in *.php; do cp $file $file.tmp sed -e s/?$/?php/g $file.tmp $file rm $file.tmp done I maintain: Better to save the grief and do it right to start with, no? JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Is echo tag reasonably portable?
On Tue, 15 Nov 2005, Jim Moseby wrote: for file in *.php; do cp $file $file.tmp sed -e s/?$/?php/g $file.tmp $file rm $file.tmp done I maintain: Better to save the grief and do it right to start with, no? Maybe at some point I too will be lucky enough to only work on code that I authored. for file in *.php; do cp $file $file.tmp php -r 'echo preg_replace(/\?php=\s*/i,?php echo ,preg_replace(/\?(?!php)/i,?php,file_get_contents($argv[1])));' $file.tmp $file rm $file.tmp done -- Greg Donald Zend Certified Engineer MySQL Core Certification http://destiney.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On 11/15/05, Greg Donald [EMAIL PROTECTED] wrote: On Tue, 15 Nov 2005, Jim Moseby wrote: for file in *.php; do cp $file $file.tmp sed -e s/?$/?php/g $file.tmp $file rm $file.tmp done I maintain: Better to save the grief and do it right to start with, no? Maybe at some point I too will be lucky enough to only work on code that I authored. for file in *.php; do cp $file $file.tmp php -r 'echo preg_replace(/\?php=\s*/i,?php echo ,preg_replace(/\?(?!php)/i,?php,file_get_contents($argv[1])));' $file.tmp $file rm $file.tmp done $stmt = $mysqli-prepare(SELECT foo FROM bar WHERE baz?); oops... -robin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On 11/15/05, Greg Donald [EMAIL PROTECTED] wrote: On Tue, 15 Nov 2005, Jim Moseby wrote: for file in *.php; do cp $file $file.tmp sed -e s/?$/?php/g $file.tmp $file rm $file.tmp done I maintain: Better to save the grief and do it right to start with, no? Maybe at some point I too will be lucky enough to only work on code that I authored. for file in *.php; do cp $file $file.tmp php -r 'echo preg_replace(/\?php=\s*/i,?php echo ,preg_replace(/\?(?!php)/i,?php,file_get_contents($argv[1])));' $file.tmp $file rm $file.tmp done I'd be inclined to do it with the tokenizer functions with something like this (untested): ?php $source = file_get_contents($argv[1]); $token = token_get_all($source); foreach ($token as $t) { if (is_string($t)) { print $t; continue; } switch ($t[0]) { case T_OPEN_TAG_WITH_ECHO: print '?php echo '; break; case T_OPEN_TAG: print '?php '; break; case T_CLOSE_TAG: print ' ?'; break; default: print $t[1]; } } ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Is echo tag reasonably portable?
On Wed, Nov 16, 2005 at 01:27:12AM +0200, Robin Vickery wrote: On 11/15/05, Greg Donald [EMAIL PROTECTED] wrote: On Tue, 15 Nov 2005, Jim Moseby wrote: for file in *.php; do cp $file $file.tmp sed -e s/?$/?php/g $file.tmp $file rm $file.tmp done ... for file in *.php; do cp $file $file.tmp php -r 'echo preg_replace(/\?php=\s*/i,?php echo ,preg_replace(/\?(?!php)/i,?php,file_get_contents($argv[1])));' $file.tmp $file rm $file.tmp done ... $token = token_get_all($source); foreach ($token as $t) { if (is_string($t)) { print $t; continue; } switch ($t[0]) { case T_OPEN_TAG_WITH_ECHO: print '?php echo '; break; ... This is a good finale for this thread!! Curt. -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php