In a project I'm currently working for, we're considering putti开发者_如何学Pythonng system()
into php.ini's disable_functions
declaration. Now, one meta-module of ours which would ultimately also fall victim to this restriction is syntax-checking files with system("php -l");
calls - prompting me to hunt for alternatives.
Turns out there used to be a php_check_syntax()
, but not only did that not restrict itself to merely checking syntax and went on to include the file if it was syntactically valid, but it's been removed as of PHP 5.0.5. The manual suggests php -l
in its place, but given that I'm sure disabling system call functions in PHP is a fairly common practise, I'm wondering if there is an accepted, 'better' way of syntax checking PHP files from within PHP files.
(I'm not hell-bent on this, by the way; a 'no' perfectly suffices (and I expect it, really). We can excempt the module from this restriction - but I'm asking this question both out of curiosity as well as in hope of a more graceful solution.)
I found an alternative using PECL runkit_lint_file().
It does the same check as php_check_syntax().
I think it's worth a look.
This can be also an option: When (if ever) is eval NOT evil?
And seems more faster:
$nTestTiempo0 = microtime(true);
exec('php -l yourfile.php',$arrMsgError,$nCodeError);
$nTestTiempo1 = microtime(true);
echo "\n", '<p>Time in verify file with exec : '.($nTestTiempo1-$nTestTiempo0).' secs.</p>';
//Time in verify file with exec : 0.033198118209839 secs.
$nTestTiempo0 = microtime(true);
ob_start ();
var_dump(eval('return true; if(0){?>'.file_get_contents('yourfile.php').'<?php };'));
$arrMsgError = explode("\n",trim(ob_get_contents()));
ob_end_clean();
$nTestTiempo1 = microtime(true);
echo "\n", '<p>Time in verify file with eval : '.($nTestTiempo1-$nTestTiempo0).' secs.</p>';
//Time in verify file with eval : 0.00030803680419922 secs.
$nTestTiempo0 = microtime(true);
@system('php -l yourfile.php',$nCodeError);
$nTestTiempo1 = microtime(true);
echo "\n", '<p>Time in verify file with system : '.($nTestTiempo1-$nTestTiempo0).' secs.</p>';
//Time in verify file with system : 0.032964944839478 secs.
See our PHP Formatter. This command-line tool takes a well-formed PHP file and formats it nicely.
Not only does it format, it also syntax checks, and returns command line status telling you whether the file was "well-formed"; it contains a full PHP 5 parser. Because it is a command line tool it would be easy to launch from a PHP script if that's what you need to do, and by checking the returned status you would know if the file was legal.
精彩评论