Forbid a few other dangerous functions #45
I'd be careful with this one, it's used quite a lot.
You shouldn't be creating env variables in the application, only receiving them.
Do you have an example?
In a few specific cases it's probably used legitimately (for example in command-line tools); there I'd then add it to the exceptions.
Yep, mostly it's command-line tools, or tests.
For example:

```php
use Symfony\Component\Console\Input\ArgvInput;

$input = new ArgvInput();
if (null !== $_ENV['APP_ENV'] = $input->getParameterOption(['--env', '-e'], null, true)) {
    putenv('APP_ENV='.$_ENV['APP_ENV']);
    // force loading .env files when --env is defined
    $_SERVER['APP_ENV'] = null;
}
```
But this will be in some bootstrap.php or index.php, where there's already a require_once anyway (the composer autoloader gets loaded), so it'll be in the exceptions anyway, won't it?
Not only there, it's used for example by the SF Dotenv component.
ok
@hokypierce True, but you don't call it yourself from your own code outside of some index.php, or do you? If so, drop me a link to Bitbucket on Slack if you have it somewhere, and I'll take a look.
@OndraM you're right that it's only from the bootstrap during app init.
Inspired by @spaze's disallowed-dangerous-calls and disallowed-execution-calls.