> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of
> Aryeh Gregor
> Sent: 30 June 2009 20:56
> To: Wikimedia developers
> Subject: Re: [Wikitech-l] On templates and programming languages
>
> On Tue, Jun 30, 2009 at 12:16 PM, Brion Vibber <[email protected]> wrote:
> > * PHP
> >
> > Advantage: Lots of webbish people have some experience with PHP or can
> > easily find references.
> >
> > Advantage: we're pretty much guaranteed to have a PHP interpreter
> > available. :)
> >
> > Disadvantage: PHP is difficult to lock down for secure execution.
>
> I think it would be easy to provide a very simple locked-down
> version, with most of the features gone. You could, for
> instance, only permit variable assignment, use of built-in
> operators, a small whitelist of functions, and conditionals.
> You could omit loops, function definitions, and abusable
> functions like str_repeat() (let alone exec(), eval(), etc.)
> from a first pass. This would still be vastly more powerful,
> more readable, and faster than ParserFunctions.

Pity there is not a method of locking down code execution to a single
namespace (think ahead with PHP 5.3):

namespace Template
{
    function strlen($string) { return \strlen($string) * 2; }
    function exec() { throw new \Exception(); }

    class Template
    {
        function paint()
        {
            // Redirect \ namespace to Template, so \exec() is also caught.
            echo strlen('data');
        }
    }
}

Jared
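
The restricted dialect Aryeh Gregor describes above (assignment, built-in operators, a small function whitelist and conditionals only) can be enforced with a deny-by-default token filter. This is an added example, not code from the thread or from MediaWiki; `validateTemplate()`, `ALLOWED_FUNCS`, the permitted token set and the sample snippets are assumptions made for illustration, and it assumes PHP 7.1 or later.

```php
<?php
// Added example: deny-by-default check for a restricted template dialect.
// ALLOWED_FUNCS, validateTemplate() and the samples are constructed here.
const ALLOWED_FUNCS = ['strlen', 'strtoupper', 'substr', 'trim'];
const ALLOWED_CHARS = ['=', '+', '-', '*', '/', '%', '.', '!', '<', '>',
                       '(', ')', '{', '}', ';', ',', '?', ':'];

// Returns null if $src uses only permitted constructs, else a reason string.
function validateTemplate(string $src): ?string {
    $allowedIds = [T_OPEN_TAG, T_WHITESPACE, T_VARIABLE, T_LNUMBER, T_DNUMBER,
        T_CONSTANT_ENCAPSED_STRING, T_STRING, T_IF, T_ELSE, T_ELSEIF,
        T_IS_EQUAL, T_IS_NOT_EQUAL, T_IS_IDENTICAL, T_IS_NOT_IDENTICAL,
        T_IS_SMALLER_OR_EQUAL, T_IS_GREATER_OR_EQUAL, T_BOOLEAN_AND, T_BOOLEAN_OR];
    // Drop whitespace so neighbour lookups see the significant token.
    $tokens = array_values(array_filter(token_get_all('<?php ' . $src),
        function ($t) { return !is_array($t) || $t[0] !== T_WHITESPACE; }));
    foreach ($tokens as $i => $tok) {
        $prev = $tokens[$i - 1] ?? null;
        $next = $tokens[$i + 1] ?? null;
        if (!is_array($tok)) {
            if (!in_array($tok, ALLOWED_CHARS, true)) return "character '$tok' not permitted";
            // A '(' after a variable, string or ')' is a dynamic call, e.g. $f().
            $dynamic = $prev === ')' || (is_array($prev)
                && in_array($prev[0], [T_VARIABLE, T_CONSTANT_ENCAPSED_STRING], true));
            if ($tok === '(' && $dynamic) return 'dynamic call not permitted';
            continue;
        }
        if (!in_array($tok[0], $allowedIds, true)) return token_name($tok[0]) . ' not permitted';
        if ($tok[0] === T_STRING) {
            $name = strtolower($tok[1]);
            if (in_array($name, ['true', 'false', 'null'], true)) continue;
            if ($next !== '(' || !in_array($name, ALLOWED_FUNCS, true)) return "identifier '{$tok[1]}' not permitted";
        }
    }
    return null;
}

// Constructed samples: the first passes, the rest are rejected.
foreach ([
    '$n = strlen(trim($title)); if ($n > 10) { $out = substr($title, 0, 10) . "..."; }',
    'while (true) { $x = 1; }',
    '$s = str_repeat("a", 1000000);',
    '$f = "exec"; $f("id");',
    '\exec("id");',
] as $sample) {
    echo ($r = validateTemplate($sample)) === null ? "OK      " : "REJECT  ($r) ", $sample, "\n";
}
```

Because anything not explicitly listed is refused, loops, function definitions, namespace-qualified names and calls through a variable are rejected without having to name each one.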