[Tickets #3037] Horde_Config should validate generated PHP
bugs@bugs.horde.org
bugs at bugs.horde.org
Thu Nov 24 14:41:41 PST 2005
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/?id=3037
-----------------------------------------------------------------------
Ticket | 3037
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | Horde_Config should validate generated PHP
Queue | Horde Framework Packages
Version | HEAD
State | Accepted
Priority | 1. Low
Type | Enhancement
Owners |
-----------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2005-11-24 14:41) wrote:
> I already thought about that a few times, but this would only be possible
with
> calling a PHP cli with the -l flag, but how to handle this gracefully with
the lots of
> different places where it can be installed - if it is installed at all?
Well, if we assume that the worst that can happen is a parse error - as
opposed to a fatal error - we could eval() it. Since we require admin access
this might not be as bad a security risk as otherwise.
>> Also, to help achieve more specific error messages, we should add a
>> new type for PHP code that also validates the individual snippets so
>> that you can't enter something that's not valid on the right side of
>> an = expression in one of those fields.
>
> Wouldn't this be covered by the above?
Other way around, really - if we lint the whole file we can't tell the user
which field the error was in, if we lint each field we can.
More information about the bugs
mailing list