WordPRess GSoC

Opened 5 years ago

Last modified 5 years ago

#335 accepted task

Check php syntax before writing new content to file

Reported by: a.hoereth Owned by: a.hoereth
Milestone: 2013 Final (1.0) Priority: normal
Component: Code Revisions Keywords: needs-testing


It is easy to break a WordPress installation by applying bad changes to a file of an active theme/plugin. The intention here is to not write a file if the new content contains fatal errors.

Check syntax. If error-prone dont write file but save a draft of the temporary, error-prone content. Show error message with line number and show temporary content in editor for further changes.

Change History (14)

#2 @a.hoereth
5 years ago

Uses eval() with a if(0){} sandbox so the errors don't stop the code execution. Brace balance is checked beforehand so the code does not break out of the sandbox.

Possible problem: eval might be disabled on some hosts!
The usage of eval should not be dangerous here because one can execute whatever code he might want to execute as soon as he got access to the code editors.

#3 @a.hoereth
5 years ago

  • Keywords needs-testing added
  • Owner set to a.hoereth
  • Status changed from new to accepted

#4 @a.hoereth
5 years ago

In 2143:

Remove no longer used code draft. See #335

#7 @a.hoereth
5 years ago

Removed the brace checking + I hate that I cant edit the original ticket.. -t

#8 @a.hoereth
5 years ago

In 2210:

Use system('php -l abs/tmp_file') instead of eval - if available. See #335

#9 @a.hoereth
5 years ago

  • Milestone changed from 2013 Midterm (Beta) to 2013 Final (1.0)
  • Summary changed from Check php syntax before writting new content to file to Check php syntax before writing new content to file

code in [2210] relies on the php -l. When php is not set in the system path (often the case with local environments like XAMPP) this fails. PHP_BINDIR tries to fix this, but still sometimes produces bad results. Under windows PHP_BINDIR == C:\php - no matter what..

#10 @a.hoereth
5 years ago

Got quite some input on this on my week 5 blogpost.

#11 @a.hoereth
5 years ago

In 2211:

Removed PHP_BINDIR usage.. See #335

#13 @a.hoereth
5 years ago

In 2231:

Make use of PHP_BINARY - still looking for a way to get the binary in php 4.3... See #335

#14 @a.hoereth
5 years ago

In 2241:

Escape file name for usage in shell. See #335

Note: See TracTickets for help on using tickets.