rfc:autoload_include

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
rfc:autoload_include [2009/11/10 22:22] – expanded the security concern lsmithrfc:autoload_include [2017/09/22 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Alternative to include/require for autoloaders ====== ====== Alternative to include/require for autoloaders ======
-  * Version: 0.9+  * Version: 1.0
   * Date: 2009-11-10   * Date: 2009-11-10
   * Author: Lukas Smith <smith@pooteeweet.org>   * Author: Lukas Smith <smith@pooteeweet.org>
-  * Status: Draft+  * Status: updated stream_resolve_include_path() was added in PHP 5.3.3
   * First Published at: http://wiki.php.net/rfc/autoload_include   * First Published at: http://wiki.php.net/rfc/autoload_include
  
 This RFC aims to offer an alternative solution to the well known fopen() "hack" used in autoloaders in order to verify the existence of files inside the include path. This RFC aims to offer an alternative solution to the well known fopen() "hack" used in autoloaders in order to verify the existence of files inside the include path.
 +
 ===== Introduction ===== ===== Introduction =====
  
Line 43: Line 44:
 ===== Alternative proposals ===== ===== Alternative proposals =====
  
-1. [[http://news.php.net/php.internals/45994|Make include/require able to handle resources]]. This would prevent the race condition scenario without the need of a new function.+==== Add stream support to include/require ==== 
 + 
 +[[http://news.php.net/php.internals/45994|Make include/require able to handle resources]]. This would prevent the race condition scenario without the need of a new function.
  
 <code php> <code php>
Line 52: Line 55:
 </code> </code>
  
-However Stas notes that this would "this would break security distinction between file ops and include ops, when URLs are allowed for open but not include", but Greg notes this should be solvable since "the wrapper used to open the file pointer is stored in the resource, so we can just check it against the same restrictions we would for static urls"+However Stas notes that this would "this would break security distinction between file ops and include ops, when URLs are allowed for open but not include", but Greg notes this should be solvable since "the wrapper used to open the file pointer is stored in the resource, so we can just check it against the same restrictions we would for static urls". That being said Stas additionally notes that this could pose challenges for byte code caches since they would have to "watch all file opens, in case some of these will later be used for include" as well as "somehow be able to get filename back from open stream to get the cached file"
 +==== Add function to resolve the include path ==== 
 + 
 +Either add a "use_include_path" flag to file_exists() or add a new file_find() function that supports searching the include path and returns the absolute path to the first match or false if none could be found. The later would be superior since it would also enable the optional feature mentioned above. It would still however require file system access twice, though it would only have to resolve the include path once. It also does not solve the edge case of a race condition, which however seems very rare for files that are included via autoload. There is actually already an implementation which was put into HEAD aka PHP6 as the result of a [[http://devzone.zend.com/node/view/id/1514#Heading7|previous discussion]].  
 + 
 +That being said the current implementation needs some tweaks as Greg points out: 
 +"stream_resolve_include_path() as currently constructed could not be intercepted, and is actually unable to process an include_path that contains streams.  I'm guessing it was written long before PHP 5.3. This could be easily fixed by having stream_resolve_include_path call zend_resolve_path() instead of doing its own internal calculations. With these changes, an opcode cache could easily cache the results." 
 + 
 +===== Patches =====
  
-===== Changelog =====+  * [[http://valokuva.org/patches/php/new/stream_resolve_include_path.txt}|patch to add an improved stream_resolve_include_path() to 5.3]]
rfc/autoload_include.1257891745.txt.gz · Last modified: 2017/09/22 13:28 (external edit)