Hook bug

elbekko · 2008-05-11 11:19:55

A hook must end with a PHP opening tag, else it displays

array_pop($ext_info_stack); $ext_info = empty($ext_info_stack) ? array() : $ext_info_stack[count($ext_info_stack) - 1];

.

Smartys · 2008-05-11 11:24:48

Known issue, but it's especially important because it has an effect on how extensions that share hooks interact. If you know a way to parse an extension's code for a hook and make sure it always ends in PHP mode, we would love to hear it.

elbekko · 2008-05-11 11:31:57

Oh, oops, nevermind this.

Last edited by elbekko (2008-05-11 11:32:26)

eliot · 2008-05-11 13:28:08

Smartys wrote:

Known issue, but it's especially important because it has an effect on how extensions that share hooks interact. If you know a way to parse an extension's code for a hook and make sure it always ends in PHP mode, we would love to hear it.

          $in_php_mode = (strrpos("<?php",$hook) > strrpos("?>",$hook));

Smartys · 2008-05-11 13:32:23

Huh. I think that might just work. I thought it would be more complex due to nesting of elements (eg: just "<?php" within an HTML tag attribute) but I don't think that situation is actually possible. Thanks

elbekko · 2008-05-11 13:56:58

Indeed. Sometimes it are the easy solutions eh

Smartys · 2008-05-11 14:00:32

Hmm, it might be slightly more difficult than that, actually.

<?php

echo '<?xml version="1.0" encoding="UTF-8"?>';

Also, the code in general would be slightly more complex, since we need to distinguish between false and 0.

eliot · 2008-05-11 14:17:44

Smartys wrote:

Hmm, it might be slightly more difficult than that, actually.
<?php

echo '<?xml version="1.0" encoding="UTF-8"?>';

Awwww, booo. Nobody do that.

Paul · 2008-05-11 14:21:43

Would the one obvious case where that would be a problem be a content negotiation extension which would need to insert the xml prolog.

Smartys · 2008-05-11 14:22:52

Exactly, Paul

eliot · 2008-05-11 17:16:31

Smartys wrote:

Exactly, Paul

Since the issue is always within quotes (either an echo, a print, whatever), you could use regular expression to find all the matching quotes (double or single) and strip out the stuff in between. then the original expression works.

My regular expressions (and php ) is rusty, but it could be something like this:

function strip_text($text,$r)
{
$i=1;
$x=1;
while($x>0):


$x = preg_match($r,$text,$matches,null,0);
if($x>0)
    {    
        $text=str_replace($matches[0],"",$text,$i);
    }
endwhile;

$x=1;
return $text;
}

$hook_temp=strip_text($hook,strip_text($hook,'#\"(.*?)\"#s'),"#'(.*?)'#s");
$in_php_mode = (strrpos("<?php",$hook_temp) > strrpos("?>",$hook_temp));

Edit: well, i've screwed up the regexes, but one of you smart guys will figure out what I meant.

Also, to optimize, you'd only have to parse the part of the $hook text which is after the last <?php, strip out all the stuff between quotes and make sure there is no remaining ?> using strpos. blah.

Last edited by eliot (2008-05-11 17:46:45)

Vovochka · 2008-05-14 10:55:07

What about just writing coding convention for mod writers. If it is possible to make something like that http://fluxbb.org/forums/post/1678/#p1678 Most number of bugs will disappear.
eliot's code won't help if user will use short php tags

Smartys · 2008-05-14 10:58:47

Guidelines will be written, but this is something that would be nice to not have to check om every extension
Short tags are not portable and should not be used.

Vovochka · 2008-05-14 11:00:30

Smartys wrote:

Short tags are not portable and should not be used.

I know. But it is not forbidden. So, there is a possibility that mod writers will use it.

Smartys · 2008-05-14 11:01:51

And THAT is something we can validate by hand (or develop another regex to deal with)

Vovochka · 2008-05-14 11:09:36

lol.
why can't you then validate by hand is there a php mode at the end of the hook?

Vovochka · 2008-05-14 11:18:56

PS:
to reduce hook's code size use php_strip_whitespace()

elbekko · 2008-05-14 13:03:43

Vovochka wrote:

Smartys wrote:
Short tags are not portable and should not be used.
I know. But it is not forbidden. So, there is a possibility that mod writers will use it.

For extensions, it should be.

Smartys · 2008-05-14 14:12:10

Vovochka wrote:

lol.
why can't you then validate by hand is there a php mode at the end of the hook?

Because I think people will make that mistake more often then they will use short tags

Vovochka wrote:

PS:
to reduce hook's code size use php_strip_whitespace()

According to the documentation, that function doesn't work until PHP 5.0.1.

Vovochka · 2008-05-15 10:57:36

I played a little with cache files.
I think that $forum_hooks[$hook_id] shouldn't be an array. There are no benefits of it. It is better to move merging hooks code from get_hook() to generate_hooks_cache()

I mean this code:

 implode("\n", $forum_hooks[$hook_id])

damaxxed · 2008-05-16 20:03:56

Possible solution: Be very strict and disallow installing of extensions if the closing tag is found - never mind if inside a string ($foo = 'bar ?>';) or not:

if( strpos( $ext_code, '?>' ) !== false ) die('No ?>-Tags allowed');

Last edited by damaxxed (2008-05-16 20:04:09)

eliot · 2008-05-16 20:29:18

smartys example above, for one.

There's also no reason not to allow you to put a ?> followed by a block of html followed by a <?php, or you may happen to have that in a string as well.

damaxxed · 2008-05-16 20:32:34

Well, many people (including me) like to export html code like that:

//generating data
?>
<b>here you can see lots of<br />
html code</b><hr />
with only few <?php echo $foo; ?> dynamic things!<hr />
<?php
// continue..

I think it's acceptable for extension developers that they do their work without this freedom and mask every ?> in strings (?\>)

eliot · 2008-05-16 20:39:29

damaxxed wrote:

Well, many people (including me) like to export html code like that:
I think it's acceptable for extension developers that they do their work without this freedom and mask every ?> in strings (?\>)

Well, I hope Smartys disagrees.

elbekko · 2008-05-16 20:40:06

Hell. No. That'd just be retarded to do.

Forums

#1 2008-05-11 11:19:55

Hook bug

#2 2008-05-11 11:24:48

Re: Hook bug

#3 2008-05-11 11:31:57

Re: Hook bug

#4 2008-05-11 13:28:08

Re: Hook bug

#5 2008-05-11 13:32:23

Re: Hook bug

#6 2008-05-11 13:56:58

Re: Hook bug

#7 2008-05-11 14:00:32

Re: Hook bug

#8 2008-05-11 14:17:44

Re: Hook bug

#9 2008-05-11 14:21:43

Re: Hook bug

#10 2008-05-11 14:22:52

Re: Hook bug

#11 2008-05-11 17:16:31

Re: Hook bug

#12 2008-05-14 10:55:07

Re: Hook bug

#13 2008-05-14 10:58:47

Re: Hook bug

#14 2008-05-14 11:00:30

Re: Hook bug

#15 2008-05-14 11:01:51

Re: Hook bug

#16 2008-05-14 11:09:36

Re: Hook bug

#17 2008-05-14 11:18:56

Re: Hook bug

#18 2008-05-14 13:03:43

Re: Hook bug

#19 2008-05-14 14:12:10

Re: Hook bug

#20 2008-05-15 10:57:36

Re: Hook bug

#21 2008-05-16 20:03:56

Re: Hook bug

#22 2008-05-16 20:29:18

Re: Hook bug

#23 2008-05-16 20:32:34

Re: Hook bug

#24 2008-05-16 20:39:29

Re: Hook bug

#25 2008-05-16 20:40:06

Re: Hook bug

Board footer