PHP :: Bug #16838 :: PHP short_open

Bug #16838

PHP short_open_tags and <?xml .. ?>

Submitted:

2002-04-25 20:07 UTC

Modified:

2002-10-08 22:07 UTC

Votes:	8
Avg. Score:	4.1 ± 0.6
Reproduced:	8 of 8 (100.0%)
Same Version:	3 (37.5%)
Same OS:	5 (62.5%)

From:

sloetz at web dot de

Assigned:

Status:

Not a bug

Package:

Scripting Engine problem

PHP Version:

4.2.0

OS:

all

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2002-04-25 20:07 UTC] sloetz at web dot de

Hello,

I would like to suggest a small change in PHP's
handling of open tags.

I think it would be diserable to allow the use of the
short tag syntax ('<? ..?>') for documents also
containing <?xml [..] ?> tags. The increasing usage of
XML and especially XHTML (for which the <?xml..?> tag
is of course mandatory) will lead to a growing number
of collisions between PHP's syntax and user's
requirements.  

AFAIK the only way for mixing xml-documents with PHP
code is to disable the short_open_tags option in the
php.ini file or make equivalent settings in the
httpd.conf (if using the Apache SAPI).

In my opinion, this is more a workaround than a real
solution. Obviously, it is impossible to include 'old'
code or third-party code which uses short tags and
even more important: not every user has access to the
php.ini file or httpd.conf file to modify the settings
accordingly.

Therefore I would like to propose to change the PHP
language scanner (as found in zend_language_scanner.l)
in a way that the token '<?xml' is not treated as a
PHP opening tag but rather (correctly) recognized as
inline HTML.

It could probably be sufficient to create an additional
rule for the scanner's <INITIAL>-start condition that
would catch the string '<?xml' before it can be
treated as an PHP open tag, e.g.:

<INITIAL>"<?xml" {
  zendlval->value.str.val = (char *) estrndup(yytext, yyleng);
  zendlval->value.str.len = yyleng;
  zendlval->type = IS_STRING;
  return T_INLINE_HTML;
}

I'm not sure whether this piece of code really works
or has unwanted side effects etc., but I guess it can put
forward my intention more clearly than more words :-) 

Thanks for your attention,

Sascha Loetz

(sloetz@web.de)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-04-25 20:56 UTC] rasmus@php.net

This seems extraneous to me.  You can simply echo the one <?xml tag that is usually needed.  No need to turn off short_tags.  Just do: <?echo '<?xml ...'?> at the top.

[2002-04-26 04:27 UTC] sloetz at web dot de

It is definitely not extraneous, as today PHP, despite
its claim to be a hypertext preprocessor, is not
capable of handling standard conforming XHTML
documents. Of course you can echo the ?xml-tag but
that was not my point. That would be just another
workaround for situations where your single goal is to
produce XML compliant *output*. There is an increasing
demand to keep the input files in a format that can be
processed by XML tools - most users I know of use
XHTML exactly for this reason and not for the mere fun
of adding closing tags all over the document :-)

But that is not the only problem. With the advent of
Apache 2 it will become common practice to apply
multiple filters successively to a source document,
e.g. use XSLT to produce XHTML with PHP from XML
sources and the send it to the PHP parser. What will
be PHP's answer? Don't use XML? Or enable PHP usage
through pre- and postprocessing filters that first
remove and then add xml-tags again?

To be honest, I think my suggested solution is neither
elegant nor very clever, but it should do its job.
Definitely the best solution would be to abolish all
kinds of short tag and asp tag syntax and only allow
the '<?php' and '<script..' styles. As far as I know,
there have been various discussions on that topic in
the past, so I decided not to suggest this again.

Thanks,

Sascha

[2002-04-26 05:45 UTC] icarus at dabo dot de

Hi!

I find this an extremly annoying behaviour, too. Since you can use PHP to parse every file with nearly no loss of performance (whether it contains PHP code or not) and only when it contains PHP-code it would be really parsed through the PHP-parser.

To my optinion it is often done that you simply let php parse every html-file, so the visitor cannot see if its generated dynamically or static. Since you will have pages that are _really_ static you would have to add php-code to simply add this "<?xml ..." which would cost much performance.

Bye!

Michael

[2002-04-26 05:51 UTC] derick@php.net

Then just turn off short-tags.
And there won't be any change in this, as:
1. It came up numerous times on php-dev
2. It makes little sense

Derick

[2002-04-26 06:28 UTC] sloetz at web dot de

Hi,

turning off short tags is not a real solution as long as PHP offically supports them. There are tons of code out there using short tags and there will be even more new code with short tags if this feature will not be abolished.

Furthermore, and I have to repeat this, there is huge group of PHP users that has no access to the php.ini settings (e.g. mod_php with safe_mode in a shared hosting environment). Should these users be forced to modify third-party code over and over again because the developers of this code insist on (offically supported) short tags? For companies and groups that offer web hosting services this is simply not viable. You can't over web hosting with mutual exclusion of XHTML and PHP.

And I also have to stress that again: PHP, a *hypertext preprocessor*, is not able to parse standard compliant XHTML!

I think there are only two solutions: Doing it the hard way by wholly removing short tags or changing PHP in a way that allows the usage of XHTML and short tags.

A third approach to this problem is not a real solution but an option for the user, namely switching to another scripting language.

Sascha

[2002-04-26 11:10 UTC] hholzgra@php.net

people have been warned for *ages* now 
that short tags are *not* xml-compliant,
so everybody still using them should be
blamed for doing so and not benn supported
in continuing using bad style ...

instead of adding extra magic i'd suggest
to emmit warnings for uses of '<?' even
if short_tags are enabled ...

[2002-04-26 11:41 UTC] sniper@php.net

Only good solution is to get rid of the short tags.
It only saves you 3 keystrokes..

[2002-04-26 11:43 UTC] sniper@php.net

Only good solution is to get rid of the short tags.
It only saves you 3 keystrokes..

[2002-04-26 15:02 UTC] proprietor at pp4 dot de

We shortly stumbled into that 'problem', too. Actually a contractor of ours did, that is.

- We are sending everything through php, even static html. We do not have much, kiss (keep is stupid simple) and there some statistics reasons.

- We host several loosely relatd sites, for clients who sometimes (let) code on their own; we add to theis sites, some other stuff is directly outsourced by us.

- a young employee of one of our contractors recently approached me with a nicely made several-pages paper demonstrating a "bug in he server" !  Yes alas, he tried to use xml, clashed with php short tags, and here you go!  He had no real knowledge of php at all, and he did not know we were using it, anyways.

- I scanned our site for short tags: Found many.  I tried to auto-replace them with long tags: many sites did not work any more.  I tried to also replace "<?=" with "<?php echo" and it also did not work :-(

- I ran a q&d count against our web sites & found roughly as many "<?" as ("<?[:whitespace:]" plus "<?=" plus "<?php") so 

=> I propose to add an option to the php.ini that restricts short tags to ones like "<?" followed by whitespace or followed by "=" and leaves everything else alone.

Pu <proprietor@pp4.de>

[2002-09-13 07:46 UTC] roland dot lichti at mediaways dot net

Is there any chance to get this problem fixed? Even in 4.2.2 this bug isn't fixed. together with another bug (when short_open_tags is enabled EVERY file is parsed) this bug is now really annoying.

[2002-09-13 08:01 UTC] mfischer@php.net

No, a global fix is not on the ways; not in the near future.

As advised, please consult the php-dev@ archive at marc.theaimsgroup.com for discussion and background why it's not changing soon.

Feel free to discuss this on php-dev@lists.php.net (more developers will probably read it).

[2002-10-08 22:07 UTC] iliaa@php.net

Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

There are currently 2 ways you can avoid this issue:
1st and probably the best is to disable short_tags. For people writing distributable apps it is a must, since not every user configures their PHP with short_tags on.
2nd solution involves incasing the <xml tag within a php echo , like this: echo '<?xml>';

If you do not believe that this is the correct behaviour review many previous threads on php-dev mailing list on this issue for more reasons as to why this is done the way it is. If you feel you have something new to add on this matter, please do so on php-dev mailing list.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Apr 20 02:01:29 2024 UTC