[xdebug-general] Re: Fw: Re: Xdebug Eval is dangerous

From: Darien Hager <darien[@]etelos.com>
Date: Mon, 17 Dec 2007 12:13:50 -0800

Dave Kelsey wrote:
> Darien, that is certainly an interesting idea, but I don't want to be
> dependent on a php extension as it may not be available on some php
> implementations, but thanks for the suggestion.
Hrm. Well, it could be a purely optional step in guarding against unsafe
breakpoint expressions: The checkEval function could just test the
return of extension_loaded('tokenizer') and if it's not loaded, return
early without errors.

While the tokenizer extension is standard on PHP.net 4.3.0+, this would
allow it to degrade gracefully even if used against another
implementation e.g. Quercus.

Of course, it may be possible for Xdebug to implement something similar
with the tokenizer library, but I have no experience interacting with it
except through it's exposed PHP functions.

Darien Hager
Etelos, Inc.
"Revolutionizing the way applications are developed, distributed and consumed."
[Burdensome Boilerplate]
This e-mail message, including attachments, may contain confidential information for the sole use of the intended recipient(s). If you are not the intended recipient, then this is notice that any use, disclosure, dissemination, distribution or copying is strictly prohibited. If you have received this message in error please contact the sender by reply mail and destroy all copies of the original message. 
Received on Mon Dec 17 2007 - 21:14:13 GMT

This archive was generated by hypermail 2.2.0 : Mon Jun 25 2018 - 06:00:04 BST