php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #47926 It would be nice if there were a temporary conditions control structure
Submitted: 2009-04-08 18:53 UTC Modified: 2015-05-04 14:06 UTC
Votes:3
Avg. Score:4.0 ± 0.8
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: jeremy dot tharp at gmail dot com Assigned: cmb (profile)
Status: Closed Package: *General Issues
PHP Version: 5.2.9 OS: Redhat Linux
Private report: No CVE-ID: None
View Developer Edit
 [2009-04-08 18:53 UTC] jeremy dot tharp at gmail dot com 
Description:
------------
This isn't really a bug, but I think it would be great to have a control structure that has temporary execution parameters.  Consider it an execution space similar to a while or switch, etc.

The reason I could use it in this particular instance is for security reasons.  For certain code, I need to elevate a logged in user's "status" to temporarily give them super user permissions.  Basically I temporarily convert the user, run the code, then convert them back.

convert_user();
execute_code_here();
convert_user_back();

This works great, of course, but if I have to do this 300 times, there is a decent chance that I would forget to convert_user_back();, causing a security hole (the user would then be logged in as a super user).

It would be great if I could do something like

execspace conversion_space ($params[]) {
     function start () {
          convert_user();
    }
    function stop  () {
          convert_user_back();
   }
}

Then in my actual code, I would do:

conversion_space {  // start function executes here
      // execute some code
} // stop function executes here

This way, it is grammatically impossible to implement the structure without closing it.

I think this would be a powerful control structure for the language.  Perhaps there is an equally useful solution that I am unaware of, but if not, I think implementing it is worth consideration (and if there is, I would certainly appreciate the enlightenment!)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-05-02 13:02 UTC] cmb@php.net
-Package: Feature/Change Request +Package: *General Issues
 [2015-05-02 13:02 UTC] cmb@php.net 
A "bit" late, but anyway: as of PHP 5.3 you could make use of a
closure, and write conversion_space as a function

    function conversion_space($func) {
        convert_user();
        $func();
        convert_user_back();
    }
    
which can be called like so:
    
    conversion_space(function () {
        // some code
    });
 [2015-05-02 16:09 UTC] jeremy dot tharp at gmail dot com 
Ha! Better late than never :)

And how serendipitous ... I was just discussing with a coworker yesterday how I filed a feature request with the PHP community for this and how I wish I'd known the term closure at the time
 [2015-05-04 14:06 UTC] cmb@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: cmb
 [2015-05-04 14:06 UTC] cmb@php.net 
Well, then the request can be closed belatedly. :)
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Wed Dec 03 23:00:01 2025 UTC