[PHP] Re: [PHP-DEV] Fatal error: Call to a member function on a non-object
Hej Jochem,

I understand there are many PHP beginners flooding the wrong lists with the wrong questions, so I don't mind your harsh response. But I am not one of them.

> please don't post this kind of question to internals. use [EMAIL PROTECTED]

This was/is a question if something is worth a change request. This concerns the development of PHP and in my eyes belongs on internals. Am I mistaken here?

> plenty, I suggest taking the time to get a better understanding of OO,
> the php implementation and the various related tools it offers
> (instanceof, "method-chaining", exceptions, etc, etc).

I have a good understanding of OOP. This is not a start for me. I am just refactoring existing PHP code to be object-oriented. You say there are plenty of reasons for a Fatal error, so please tell me a few, so I understand the reasons.

> calling a method on an object that doesn't exist is tantamount to calling a
> function which doesn't exist ... both are a fatal error.

Yes, and maybe that is wrong too. But besides that, there is a difference between the two. It hardly happens that a bug results in a call to a non-existing function. But a bug can easily lead to an uninitialized variable which is then treated as an object.

The problem with Fatal errors is that there is no way for me to handle them. I use an error_handler in the production system. When an error or unhandled exception occurs it displays an end-user-friendly error message and then sends an email to our team's mailbox. Working with arrays I can handle all sensible run-time errors using these methods. Working with objects, I apparently cannot, because Fatal errors aren't handled by the error_handler. That's a serious problem because it completely hides a likely group of errors from the notification system.

I hope this motivates the question a little better. But the question remains. Are there reasons to have a Fatal error here?

For comparison: Python throws an exception in a comparable case, allowing me to handle the error.

Best regards
Christopher

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DEV] Fatal error: Call to a member function on a non-object
Hej Stefan,

>> This was/is a question if something is worth a change request. This
>> concerns the development of PHP and in my eyes belongs on internals. Am
>> I mistaken here?
>
> Yes, because you are like the 100th person to request that. A mail to
> general@ probably would have told you that.

I am sorry about that. I'll first consult general@ in the future.

Best regards
Christopher
[PHP] Re: [PHP-DEV] Fatal error: Call to a member function on a non-object
Hej Jochem,

> this kind of thing belongs on php-general (and let's keep it on list
> please), if you have a serious proposal/rfc and/or one develops from a
> discussion there then likely some of the old-hats will likely recommend
> escalating to internal.

I'm sorry I wasn't aware of this "procedure". I will start discussions on general@ from now on.

>> But the question remains. Are there reasons to have a Fatal error here?
>
> yes, it tells you you're doing something impossible.

Well yes, but this does not mean it has to terminate. It could skip it instead.

>> For comparison: Python throws an exception in a comparable case,
>> allowing me to handle the error.
>
> PHP != Python. python is pure OO. php is hybrid. you have to refactor your
> code in different ways.

Python is, just as PHP, a multi-paradigm language. Both support procedural, OOP and even functional programming styles.

> what this comes down to is this, python gives you exceptions free of
> charge, php asks you to implement and throw them yourself ...

You are right. This seems to be what it comes down to. I can't say that I am happy with it. And I think being able to handle fatal errors whenever possible would be a very useful feature.

What about E_RECOVERABLE_ERROR? Couldn't calling a method on a non-object trigger E_RECOVERABLE_ERROR instead of E_ERROR?

Best regards
Christopher
[PHP] Re: Fatal error: Call to a member function on a non-object
Hej,

I created a change request: http://bugs.php.net/bug.php?id=46601

Best regards
Christopher
[PHP] A better XSS trap (Feedback wanted)
Hej everybody,

I built something I'd like to have feedback on.

Looking at all the template engines out there made me think. I have two main requirements:
- use PHP as the template language
- effective XSS prevention without betting on discipline

Plain PHP only satisfies the first. I also couldn't find a PHP template engine that satisfies both. (Savant doesn't.) So here is my own minimal solution and I would like to know your opinion. Also, if anybody has seen something like it out there, please point me to it.

The Idea:
Automatically wrap every output string into a Decorator object, which offers filtering methods like htmlentities. This also means intercepting access to strings contained in Arrays and Objects in order to decorate them.

The code:
http://code.google.com/p/cvphplib/source/browse/trunk/cvphplib/
svn checkout http://cvphplib.googlecode.com/svn/trunk/cvphplib/

Example usage:

// first a simple string
evil' ); ?>
triggers an error
htmlentities()?> works fine
urlencode()?> works fine
raw()?> outputs the unfiltered value

// extracting a bunch of filtered variables into the local scope
5, 'o'=>new O(), 'array' => array(''=>'') );
extract( CV_OutputFilter::filter($vars)->toArray() ); ?>

// access to object members
var?> triggers an error
method()?> triggers an error
var->htmlentities()?> works fine
method()->htmlentities()?> works fine

// access to array elements
']?> triggers an error
']->htmlentities()?> works fine

// Iterating over an array
works fine
$value ){} ?> throws an exception, because $key would not be filtered in this case

// decorating array keys requires some iterator magic
key_as($key) as $value ): ?>
htmlentities()?>: htmlentities()?>

Problems:
- potentially slow (due to many object instantiations and reflection)

Benefits:
- effective XSS prevention without betting on discipline
- template-engine-like variable extraction into local scope
- clean and short syntax
- very little to learn

Functionality already implemented, but not shown in the example:
- register custom filter methods
- enable __toString() with custom default filter
- use tuple array(key,value) for $value instead of 'key_as'-magic
- register custom filter applied on keys in ->toArray()
- decoration of multidimensional arrays and webs of object references

More example code:
http://code.google.com/p/cvphplib/source/browse/trunk/cvphplib/examples/exampleOutputFilter.php
http://code.google.com/p/cvphplib/source/browse/trunk/cvphplib/tests/CV/Test_OutputFilter.php

So what do you think?

Best regards
Christopher
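
The decorator idea from the message above, as an added example that is not part of the original post and not cvphplib's code: a wrapper with no `__toString()` makes unfiltered output fail, and array access and iteration hand back wrapped values. `SafeString`, `SafeArray` and `wrap()` are hypothetical names, PHP 8.0 or later is assumed, and keys are wrapped through a generator, which goes beyond the post's `key_as` approach.

```php
<?php
// Added illustration. SafeString, SafeArray and wrap() are hypothetical names,
// not the cvphplib API. Assumes PHP 8.0 or later.

final class SafeString
{
    public function __construct(private string $value) {}
    // No __toString() on purpose: "echo $obj" throws Error instead of
    // silently emitting unescaped data.
    public function htmlentities(): string
    {
        return htmlentities($this->value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    public function urlencode(): string { return rawurlencode($this->value); }
    public function raw(): string { return $this->value; } // explicit opt-out, easy to grep
}

final class SafeArray implements ArrayAccess, IteratorAggregate
{
    public function __construct(private array $items) {}
    public function offsetExists(mixed $k): bool { return isset($this->items[$k]); }
    public function offsetGet(mixed $k): mixed { return wrap($this->items[$k]); }
    public function offsetSet(mixed $k, mixed $v): void { throw new LogicException('read-only'); }
    public function offsetUnset(mixed $k): void { throw new LogicException('read-only'); }
    // Keys can carry attacker-controlled text too, so they are wrapped like values.
    public function getIterator(): Generator
    {
        foreach ($this->items as $k => $v) { yield wrap($k) => wrap($v); }
    }
}

function wrap(mixed $v): SafeString|SafeArray
{
    return is_array($v) ? new SafeArray($v) : new SafeString((string) $v);
}

// Constructed sample data standing in for request input.
$row = wrap(['name' => '<script>alert(1)</script>', 'q' => 'a&b=c']);
echo $row['name']->htmlentities(), "\n";          // HTML text context
echo '/search?q=', $row['q']->urlencode(), "\n";  // URL parameter context
try {
    echo $row['name'];                            // filter forgotten
} catch (Error $e) {
    echo 'blocked: ', $e->getMessage(), "\n";
}
foreach (wrap(['<b>' => '"x"']) as $key => $value) {
    echo $key->htmlentities(), ': ', $value->htmlentities(), "\n";
}
```

The encoder still has to match the output context: `htmlentities()` is correct for HTML text and quoted attribute values, not for inline JavaScript or CSS.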