ramblings on PHP, SQL, the web, politics, ultimate frisbee and what else is on in my life

PHP6 - moving forward in a sensible manner

Rasmus recently kicked off, what will likely become the largest thread in PHP history. Essentially he came up with a list of changes he would like to see in PHP 6. This has opened the floodgates on feature wishes. I hope poor Steph will somehow manage to fit all of these into a Zend weekly summary. As the stream of new suggestions is slowly dying down Zeev stepped up to remind people that "Compatibility breakup is not binary, it accumulates". I very much agree with him on this point.

I do not agree with him that the breakage suggested by Rasmus will be all that severe. As a matter of fact we have a number of tools that will led us clean up the language from broken features, confusing function parameter orders or long deprecated alias, without breaking existing code.

Zeev mentions register_globals and magic_quotes_gpc as features that should not be removed. However register_globals is quite easy to get back via an auto prepend file that basically does:

Fixing magic_quotes_gpc could be fixed with an auto prepend file just as well. Optionally the new filtering extension which Rasmus also proposed could have a mode for this.

Zeev also mentions that PHP is not about acedemic purity and so he sees little benefit from cleaning up the language. Of course PHP has been indredibily successful eventhough alot of functions do not follow a common naming style or that alot of functions do not follow a common parameter order.

While PHP's success is undisputed I am sure you cannot claim that the lack of "acedemic purity" has helped PHP. So fixing this would be a definate step in the right direction. More importantly we have the tools to make this step relatively painless. Again by using an auto prepend file developers could make the necessary adjustments at runtime. PHP_Compat is a library that implements any new functionality in user space that gets added to PHP. For every alias we drop, function we rename we could add the given implementation to PHP_Compat. It gets even better. There is PHP_Compatinfo which can parse source code to determine which functions need to be included from PHP_Compat. So the content of the auto prepend file could be automatically generated quite easily.

Now fixing things like parameter orders will be much more difficult. However even there we have a tool readily available with runkit. While runkit today only handles user space interception I have gotten a statement from Sara on IRC that implied this could easily be extended to cover internal functions as well. So PHP_Compat could make use of runkit to also handle functions that get new parameters or whoes parameter order is changed.

Runkit also adds one of my biggest feature wishes to PHP: sandboxing. Often the effort in determining if data or third party code is safe at runtime is simply too high. A good example of this is unserialize(). Its currently close to impossible to use this function on foreign data, since analyzing the content for security issues means implementing a custom unserializer. The same goes for templates that get developed by a designer. Alot of people are using Smarty just because its a limited reimplementation of PHP. They are hoping that this way they need not worry about the designer breaking their application or hacking their users. But if PHP would have proper sandboxing things like Smarty would become large unncessary and PHP could finally fulfill its promise of being a template engine :-)

Sandboxing gives us another important feature since the sandbox itself could be a different version of PHP than the process that loads the sandbox. So it again could be a solution to assit people in migrading their code while offering a clean, fast and powerful language.

Oh and while we are on the topic of what I like:
I would also like to get short_open_tag's removed. While this would in fact mean that alot of files would have to be modified I do think that in this case it would probably be a fairly simple search and replace. In this day and age it simply makes no sense to keep this feature around.

Before you can post a comment please solve the following captcha.

your name: