Skip to content

Commit

Permalink
[ci skip] Fix CS in Markdown files
Browse files Browse the repository at this point in the history 
Checked and quickfixed with Markdown linter
- 80 columns line width (~)
- code highlighting
- ...

Some most obvious outdated content updated a bit more.
  • Loading branch information
@petk
petk committed Apr 21, 2019
1 parent 80f3c69 commit 1c94aac
Show file tree
Hide file tree
Showing 11 changed files with 1,032 additions and 932 deletions.
21 changes: 14 additions & 7 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,31 +48,38 @@ PHP uses autotools on Unix systems to configure the build:

*See `make -h` for make options.*

The `-j` option shall set the maximum number of jobs `make` can use for the build:
The `-j` option shall set the maximum number of jobs `make` can use for the
build:

make -j4

Shall run `make` with a maximum of 4 concurrent jobs: Generally the maximum number of jobs should not exceed the number of cores available.
Shall run `make` with a maximum of 4 concurrent jobs: Generally the maximum
number of jobs should not exceed the number of cores available.

## Testing PHP source code

PHP ships with an extensive test suite, the command `make test` is used after successful compilation of the sources to run this test suite.
PHP ships with an extensive test suite, the command `make test` is used after
successful compilation of the sources to run this test suite.

It is possible to run tests using multiple cores by setting `-jN` in `TEST_PHP_ARGS`:
It is possible to run tests using multiple cores by setting `-jN` in
`TEST_PHP_ARGS`:

make TEST_PHP_ARGS=-j4 test

Shall run `make test` with a maximum of 4 concurrent jobs: Generally the maximum number of jobs should not exceed the number of cores available.
Shall run `make test` with a maximum of 4 concurrent jobs: Generally the maximum
number of jobs should not exceed the number of cores available.

The [qa.php.net](https://qa.php.net) site provides more detailed info about testing and quality assurance.
The [qa.php.net](https://qa.php.net) site provides more detailed info about
testing and quality assurance.

## Installing PHP built from source

After a successful build (and test), PHP may be installed with:

make install

Depending on your permissions and prefix, `make install` may need super user permissions.
Depending on your permissions and prefix, `make install` may need super user
permissions.

## PHP extensions

Expand Down
43 changes: 20 additions & 23 deletions docs/input-filter.md
View file
Original file line number Diff line number Diff line change
@@ -1,26 +1,23 @@
# Input Filter Support in PHP 5

XSS (Cross Site Scripting) hacks are becoming more and more prevalent,
and can be quite difficult to prevent. Whenever you accept user data
and somehow display this data back to users, you are likely vulnerable
to XSS hacks.

The Input Filter support in PHP 5 is aimed at providing the framework
through which a company-wide or site-wide security policy can be
enforced. It is implemented as a SAPI hook and is called from the
treat_data and post handler functions. To implement your own security
policy you will need to write a standard PHP extension. There is also
a powerful standard implementation in ext/filter that should suit most
peoples' needs. However, if you want to implement your own security
policy, read on.

A simple implementation might look like the following. This stores the
original raw user data and adds a my_get_raw() function while the normal
$_POST, $_GET and $_COOKIE arrays are only populated with stripped
data. In this simple example all I am doing is calling strip_tags() on
the data.

```
# Input filter support in PHP

XSS (Cross Site Scripting) hacks are becoming more and more prevalent, and can
be quite difficult to prevent. Whenever you accept user data and somehow display
this data back to users, you are likely vulnerable to XSS hacks.

The Input Filter support in PHP is aimed at providing the framework through
which a company-wide or site-wide security policy can be enforced. It is
implemented as a SAPI hook and is called from the `treat_data` and post handler
functions. To implement your own security policy you will need to write a
standard PHP extension. There is also a powerful standard implementation in
`ext/filter` that should suit most peoples' needs. However, if you want to
implement your own security policy, read on.

A simple implementation might look like the following. This stores the original
raw user data and adds a `my_get_raw()` function while the normal `$_POST`,
`$_GET` and `$_COOKIE` arrays are only populated with stripped data. In this
simple example all I am doing is calling `strip_tags()` on the data.

```c
ZEND_BEGIN_MODULE_GLOBALS(my_input_filter)
zval *post_array;
zval *get_array;
Expand Down
11 changes: 5 additions & 6 deletions docs/mailinglist-rules.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Mailinglist Rules
# Mailinglist rules

This is the first file you should be reading before doing any posts on PHP
mailinglists. Following these rules is considered imperative to the success of
Expand All @@ -19,7 +19,6 @@ following some basic rules with regards to mailinglist usage will:

d. Increase the general level of good will on planet Earth.


Having said that, here are the organizational rules:

1. Respect other people working on the project.
Expand All @@ -28,9 +27,9 @@ Having said that, here are the organizational rules:
your post after a good breather or a good nights sleep.

3. Make sure you pick the right mailinglist for your posting. Please review
the descriptions on the mailinglist overview page
(http://www.php.net/mailing-lists.php). When in doubt ask a friend or
someone you trust on IRC.
the descriptions on the
[mailinglist overview page](https://www.php.net/mailing-lists.php). When
in doubt ask a friend or someone you trust on IRC.

4. Make sure you know what you are talking about. PHP is a very large project
that strives to be very open. The flip side is that the core developers
Expand Down Expand Up @@ -70,7 +69,7 @@ The next few rules are more some general hints:
new thread.

Finally, additional hints on how to behave inside the virtual community can be
found in RFC 1855 (http://www.faqs.org/rfcs/rfc1855.html).
found in [RFC 1855](http://www.faqs.org/rfcs/rfc1855.html).

Happy hacking,

Expand Down
265 changes: 131 additions & 134 deletions docs/output-api.md
View file
Original file line number Diff line number Diff line change
@@ -1,139 +1,136 @@
API adjustment to the old output control code:
# API adjustment to the old output control code

Everything now resides beneath the php_output namespace,
and there's an API call for every output handler op.
Everything now resides beneath the php_output namespace, and there's an API call
for every output handler op.

Checking output control layers status:
// Using OG()
php_output_get_status();
Checking output control layers status:
// Using OG()
php_output_get_status();

Starting the default output handler:
// php_start_ob_buffer(NULL, 0, 1);
php_output_start_default();
Starting the default output handler:
// php_start_ob_buffer(NULL, 0, 1);
php_output_start_default();

Starting an user handler by zval:
// php_start_ob_buffer(zhandler, chunk_size, erase);
php_output_start_user(zhandler, chunk_size, flags);
Starting an user handler by zval:
// php_start_ob_buffer(zhandler, chunk_size, erase);
php_output_start_user(zhandler, chunk_size, flags);

Starting an internal handler without context:
// php_ob_set_internal_handler(my_php_output_handler_func_t, buffer_size, "output handler name", erase);
php_output_start_internal(handler_name, handler_name_len, my_php_output_handler_func_t, chunk_size, flags);

Starting an internal handler with context:
// not possible with old API
php_output_handler *h;
h = php_output_handler_create_internal(handler_name, handler_name_len, my_php_output_handler_context_func_t, chunk_size, flags);
php_output_handler_set_context(h, my_context, my_context_dtor);
php_output_handler_start(h);

Testing whether a certain output handler has already been started:
// php_ob_handler_used("output handler name");
php_output_handler_started(handler_name, handler_name_len);

Flushing one output buffer:
// php_end_ob_buffer(1, 1);
php_output_flush();

Flushing all output buffers:
// not possible with old API
php_output_flush_all();

Cleaning one output buffer:
// php_ob_end_buffer(0, 1);
php_output_clean();

Cleaning all output buffers:
// not possible with old API
php_output_clean_all();

Discarding one output buffer:
// php_ob_end_buffer(0, 0);
php_output_discard();

Discarding all output buffers:
// php_ob_end_buffers(0);
php_output_discard_all();

Stopping (and dropping) one output buffer:
// php_ob_end_buffer(1, 0)
php_output_end();

Stopping (and dropping) all output buffers:
// php_ob_end_buffers(1, 0);
php_output_end_all();

Retrieving output buffers contents:
// php_ob_get_buffer(zstring);
php_output_get_contents(zstring);

Retrieving output buffers length:
// php_ob_get_length(zlength);
php_output_get_length(zlength);

Retrieving output buffering level:
// OG(nesting_level);
php_output_get_level();

Issue a warning because of an output handler conflict:
// php_ob_init_conflict("to be started handler name", "to be tested if already started handler name");
php_output_handler_conflict(new_handler_name, new_handler_name_len, set_handler_name, set_handler_name_len);

Registering a conflict checking function, which will be checked prior starting the handler:
// not possible with old API, unless hardcoding into output.c
php_output_handler_conflict_register(handler_name, handler_name_len, my_php_output_handler_conflict_check_t);

Registering a reverse conflict checking function, which will be checked prior starting the specified foreign handler:
// not possible with old API
php_output_handler_reverse_conflict_register(foreign_handler_name, foreign_handler_name_len, my_php_output_handler_conflict_check_t);

Facilitating a context from within an output handler callable with ob_start():
// not possible with old API
php_output_handler_hook(PHP_OUTPUT_HANDLER_HOOK_GET_OPAQ, (void *) &custom_ctx_ptr_ptr);

Disabling of the output handler by itself:
//not possible with old API
php_output_handler_hook(PHP_OUTPUT_HANDLER_HOOK_DISABLE, NULL);

Marking an output handler immutable by itself because of irreversibility of its operation:
// not possible with old API
php_output_handler_hook(PHP_OUTPUT_HANDLER_HOOK_IMMUTABLE, NULL);

Restarting the output handler because of a CLEAN operation:
// not possible with old API
if (flags & PHP_OUTPUT_HANDLER_CLEAN) { ... }

Recognizing by the output handler itself if it gets discarded:
// not possible with old API
if ((flags & PHP_OUTPUT_HANDLER_CLEAN) && (flags & PHP_OUTPUT_HANDLER_FINAL)) { ... }


Output handler hooks

The output handler can change its abilities at runtime. Eg. the gz handler can
remove the CLEANABLE and REMOVABLE bits when the first output has passed through it;
or handlers implemented in C to be used with ob_start() can contain a non-global
context:
PHP_OUTPUT_HANDLER_HOOK_GET_OPAQ
pass a void*** pointer as second arg to receive the address of a pointer
pointer to the opaque field of the output handler context
PHP_OUTPUT_HANDLER_HOOK_GET_FLAGS
pass a int* pointer as second arg to receive the flags set for the output handler
PHP_OUTPUT_HANDLER_HOOK_GET_LEVEL
pass a int* pointer as second arg to receive the level of this output handler
(starts with 0)
PHP_OUTPUT_HANDLER_HOOK_IMMUTABLE
the second arg is ignored; marks the output handler to be neither cleanable
nor removable
PHP_OUTPUT_HANDLER_HOOK_DISABLE
the second arg is ignored; marks the output handler as disabled


Open questions

Should the userland API be adjusted and unified?

Many bits of the manual (and very first implementation) do not comply
with the behaviour of the current (to be obsoleted) code, thus should
the manual or the behaviour be adjusted?

END
Starting an internal handler without context:
// php_ob_set_internal_handler(my_php_output_handler_func_t, buffer_size, "output handler name", erase);
php_output_start_internal(handler_name, handler_name_len, my_php_output_handler_func_t, chunk_size, flags);

Starting an internal handler with context:
// not possible with old API
php_output_handler *h;
h = php_output_handler_create_internal(handler_name, handler_name_len, my_php_output_handler_context_func_t, chunk_size, flags);
php_output_handler_set_context(h, my_context, my_context_dtor);
php_output_handler_start(h);

Testing whether a certain output handler has already been started:
// php_ob_handler_used("output handler name");
php_output_handler_started(handler_name, handler_name_len);

Flushing one output buffer:
// php_end_ob_buffer(1, 1);
php_output_flush();

Flushing all output buffers:
// not possible with old API
php_output_flush_all();

Cleaning one output buffer:
// php_ob_end_buffer(0, 1);
php_output_clean();

Cleaning all output buffers:
// not possible with old API
php_output_clean_all();

Discarding one output buffer:
// php_ob_end_buffer(0, 0);
php_output_discard();

Discarding all output buffers:
// php_ob_end_buffers(0);
php_output_discard_all();

Stopping (and dropping) one output buffer:
// php_ob_end_buffer(1, 0)
php_output_end();

Stopping (and dropping) all output buffers:
// php_ob_end_buffers(1, 0);
php_output_end_all();

Retrieving output buffers contents:
// php_ob_get_buffer(zstring);
php_output_get_contents(zstring);

Retrieving output buffers length:
// php_ob_get_length(zlength);
php_output_get_length(zlength);

Retrieving output buffering level:
// OG(nesting_level);
php_output_get_level();

Issue a warning because of an output handler conflict:
// php_ob_init_conflict("to be started handler name", "to be tested if already started handler name");
php_output_handler_conflict(new_handler_name, new_handler_name_len, set_handler_name, set_handler_name_len);

Registering a conflict checking function, which will be checked prior starting the handler:
// not possible with old API, unless hardcoding into output.c
php_output_handler_conflict_register(handler_name, handler_name_len, my_php_output_handler_conflict_check_t);

Registering a reverse conflict checking function, which will be checked prior starting the specified foreign handler:
// not possible with old API
php_output_handler_reverse_conflict_register(foreign_handler_name, foreign_handler_name_len, my_php_output_handler_conflict_check_t);

Facilitating a context from within an output handler callable with ob_start():
// not possible with old API
php_output_handler_hook(PHP_OUTPUT_HANDLER_HOOK_GET_OPAQ, (void *) &custom_ctx_ptr_ptr);

Disabling of the output handler by itself:
//not possible with old API
php_output_handler_hook(PHP_OUTPUT_HANDLER_HOOK_DISABLE, NULL);

Marking an output handler immutable by itself because of irreversibility of its operation:
// not possible with old API
php_output_handler_hook(PHP_OUTPUT_HANDLER_HOOK_IMMUTABLE, NULL);

Restarting the output handler because of a CLEAN operation:
// not possible with old API
if (flags & PHP_OUTPUT_HANDLER_CLEAN) { ... }

Recognizing by the output handler itself if it gets discarded:
// not possible with old API
if ((flags & PHP_OUTPUT_HANDLER_CLEAN) && (flags & PHP_OUTPUT_HANDLER_FINAL)) { ... }

## Output handler hooks

The output handler can change its abilities at runtime. Eg. the gz handler can
remove the CLEANABLE and REMOVABLE bits when the first output has passed through it;
or handlers implemented in C to be used with ob_start() can contain a non-global
context:

PHP_OUTPUT_HANDLER_HOOK_GET_OPAQ
pass a void*** pointer as second arg to receive the address of a pointer
pointer to the opaque field of the output handler context
PHP_OUTPUT_HANDLER_HOOK_GET_FLAGS
pass a int* pointer as second arg to receive the flags set for the output handler
PHP_OUTPUT_HANDLER_HOOK_GET_LEVEL
pass a int* pointer as second arg to receive the level of this output handler
(starts with 0)
PHP_OUTPUT_HANDLER_HOOK_IMMUTABLE
the second arg is ignored; marks the output handler to be neither cleanable
nor removable
PHP_OUTPUT_HANDLER_HOOK_DISABLE
the second arg is ignored; marks the output handler as disabled

## Open questions

* Should the userland API be adjusted and unified?

Many bits of the manual (and very first implementation) do not comply with the
behaviour of the current (to be obsoleted) code, thus should the manual or the
behaviour be adjusted?
Loading

0 comments on commit 1c94aac

Please sign in to comment.