-----Original Message-----
From: wikitech-l-bounces(a)lists.wikimedia.org [mailto:wikitech-l-bounces@lists.wikimedia.org] On Behalf Of Aryeh Gregor
Sent: 30 June 2009 20:56
To: Wikimedia developers
Subject: Re: [Wikitech-l] On templates and programming languages

On Tue, Jun 30, 2009 at 12:16 PM, Brion Vibber <brion(a)wikimedia.org> wrote:

* PHP
Advantage: Lots of webbish people have some experience with PHP or can easily find references.
Advantage: we're pretty much guaranteed to have a PHP interpreter available. :)
Disadvantage: PHP is difficult to lock down for secure execution.

I think it would be easy to provide a very simple locked-down version, with most of the features gone. You could, for instance, only permit variable assignment, use of built-in operators, a small whitelist of functions, and conditionals. You could omit loops, function definitions, and abusable functions like str_repeat() (let alone exec(), eval(), etc.) from a first pass. This would still be vastly more powerful, more readable, and faster than ParserFunctions.

Pity there is not a method of locking down code execution to a single namespace (think ahead with PHP 5.3):

namespace Template
{
    // Unqualified calls made inside this namespace resolve to these functions first.
    function strlen($string) { return \strlen($string) * 2; }
    function exec() { throw new \Exception(); }

    class Template
    {
        function paint()
        {
            // Redirect \ namespace to Template, so \exec() is also caught.
            echo strlen('data');
        }
    }
}

Jared
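
Added example (not part of the thread and not MediaWiki code): one way to enforce the restricted subset Aryeh describes is to tokenize the snippet with PHP's token_get_all() and accept only an allowlist of tokens, which also refuses the fully qualified \exec() form that namespace shadowing alone does not catch. The function allowlist, the helper name checkTemplateCode and the sample snippets are assumptions; the code assumes PHP 7.1 or later.

```php
<?php
// Added example: token allowlist for a restricted template dialect. All names here are assumptions.
const ALLOWED_FUNCS = ['strlen', 'strtolower', 'strtoupper', 'trim', 'substr']; // no callback-taking functions
const ALLOWED_CHARS = '=+-*/.<>!?:,;(){}';
const ALLOWED_TOKENS = [T_OPEN_TAG, T_VARIABLE, T_LNUMBER, T_DNUMBER, T_CONSTANT_ENCAPSED_STRING,
    T_IF, T_ELSE, T_ELSEIF, T_BOOLEAN_AND, T_BOOLEAN_OR, T_IS_EQUAL, T_IS_NOT_EQUAL,
    T_IS_IDENTICAL, T_IS_NOT_IDENTICAL, T_IS_SMALLER_OR_EQUAL, T_IS_GREATER_OR_EQUAL];

// Returns null if $code stays inside the dialect, otherwise the reason it was rejected.
function checkTemplateCode(string $code): ?string
{
    // Drop whitespace so "previous" and "next" always mean significant tokens.
    $tokens = array_values(array_filter(token_get_all('<?php ' . $code), function ($t) {
        return !is_array($t) || $t[0] !== T_WHITESPACE;
    }));
    foreach ($tokens as $i => $tok) {
        [$prev, $next] = [$tokens[$i - 1] ?? null, $tokens[$i + 1] ?? null];
        if (!is_array($tok)) {                        // single-character token
            if (strpos(ALLOWED_CHARS, $tok) === false) {
                return "character '$tok' not allowed";
            }
            // '(' directly after a value is a dynamic call: $f(...), 'name'(...), (expr)(...)
            $afterValue = $prev === ')' || (is_array($prev)
                && in_array($prev[0], [T_VARIABLE, T_CONSTANT_ENCAPSED_STRING], true));
            if ($tok === '(' && $afterValue) {
                return 'dynamic call not allowed';
            }
        } elseif ($tok[0] === T_STRING) {             // bare identifier
            $name = strtolower($tok[1]);
            $isLiteral = $next !== '(' && in_array($name, ['true', 'false', 'null'], true);
            if (!$isLiteral && ($next !== '(' || !in_array($name, ALLOWED_FUNCS, true))) {
                return "identifier '{$tok[1]}' not allowed";
            }
        } elseif (!in_array($tok[0], ALLOWED_TOKENS, true)) {
            return token_name($tok[0]) . ' not allowed'; // loops, function, eval, qualified names, ...
        }
    }
    return null;
}

// Constructed sample snippets (not from the thread).
foreach ([
    'if ($n > 1) { $label = strtoupper(trim($name)); } else { $label = "one"; }',
    '$pad = str_repeat("x", 100000);',
    'while (true) { $i = $i + 1; }',
    '$len = \strlen($name);',            // qualified name, the case namespace shadowing misses
    '$f = "strlen"; $len = $f($name);',  // call through a variable
] as $sample) {
    printf("%-36s %s\n", checkTemplateCode($sample) ?? 'OK', $sample);
}
```

Because the check is an allowlist, token types introduced by later PHP versions are refused by default. Code that passes still needs execution limits, since the check says nothing about memory or time.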