Login/Register
Protecting one class from the bad programming of another?
Asked Answered
Solved phpincluderuntimecompiler-errorsinclude-guards
P

3

7

Is there a way in PHP to try to include a file, but if the file contains errors that stop it from compiling to just skip that file from inclusion?

Puparium answered 6/6, 2010 at 0:8 Comment(7)
This is an interesting question, but wouldn't that break whatever depended on that file leading to more compilation errors?Drink
Why not ensure everyone is using unit tests and verify the tests are passing before including it. If there are problems, mock out the broken class until it is fixed.Adrea
Interesting question indeed. I'm wondering about the use case though. If a file doesn't even compile, it has obviously never even been run. If you include the file yourself, you should be able to fix problems easily. Or are you trying to protect the application from bad code committed by others on your team? If that's a concern, the solution has more to do with the HR department than include. Or are you dynamically including user contributed files? Then this issue is probably the least of your concerns.Torrefy
@Chris the plugins are dependent upon the host application not Vice-versa. The host application can run fine without including the files, but plugins add functionality to the host application. I want the host to be able to run, but if someone should make a bad plugin I don't want it to crash the whole thing on loading of the plugin. @James, that would be idea, but I am only one person and there are potentially many, many plugin devs. @Deceze, see my answer towards Chris.Puparium
@Deceze, just re-read your comment, and I love the bit about the HR department that I did not see before. The project itself is open source. The files I am including are nothing more then plugins, and the whole system will run just fine without these plugins. The people who are making plugins are anywhere from brand new programmers, to professionals. I'd like to make sure the system covers it's own ass as much as possible.Puparium
Ah that makes sense! +1 from me thenDrink
I see, count me in with Chris then. :)Torrefy
E
4

You can call php -l on the file in question. This will shell out and slow though. it doesn't handle runtime errors like die() though.

test.php:

<?php
function check_code_file($filename)
{
    $filename = escapeshellcmd($filename);
    system("php -l $filename 2>/dev/null 1>/dev/null", $status);
    if ($status) return false;
    return true;
}
if (check_code_file('test-good.php'))
{
    include('test-good.php');
}
if (check_code_file('test-bad.php'))
{
    include('test-bad.php');
}
print "finished\n";

test-good.php:

<?php
print "here\n";

test-bad.php:

<?php
die(

$ php test.php

here
finished
Emlyn answered 6/6, 2010 at 0:15 Comment(5)
yea sorry, rushed the test case a bit, had a typo. Redid it with one that works.Emlyn
This solution can get expensive really quickly though.Emlyn
I don't mind this not catching die statements, that's fine with me, as long as the code is checked for sanity that's really all that matters. @halkeye Thanks, I'm going to do some tests on this, and get back to you.Puparium
Brilliant answer sir, I shall use this! Thank you!Puparium
It should be noted that I'm using this, based of your code: function isSafeToInclude($filePath) { if (!file_exists($filePath)) return FALSE; system('php -l ' . escapeshellcmd($filePath), $status); if ($status) return FALSE; else return TRUE; }Puparium
J
1

A less than ideal solution I thought I'd mention here for posterity. The original idea is here.

You can capture the E_PARSE error you would receive on a bad 'require' and hand it off to a shutdown function. The idea is to suppress the parsing error...

register_shutdown_function('post_plugin_include'); 
@require 'bad_include.php';

Then do your primary execution after the fact.

function post_plugin_include() {
    if(is_null($e = error_get_last()) === false) {
        // do something else
    }
}

Like I said, less than ideal but interesting nonetheless.

Jerald answered 6/6, 2010 at 0:8 Comment(1)
I've never seen that before, and it offers some interesting ideas. Thanks for sharing. +1Puparium
M
0

Depending on the PHP version you could use php_check_syntax() (practically the same as php -l).

But its a moo point really.. Either you need the stuff your trying to include or you dont include it.

Marquez answered 6/6, 2010 at 0:47 Comment(1)
I don't need the stuff I'm trying to include, but it adds functionality to the code. So I'm trying to include safely. Also, I just checked, this function is deprecated as of 5.0.4. Thanks for the reply tho!Puparium

© 2022 - 2024 — McMap. All rights reserved.