6.0.0-git
2019-12-14

[#3037] Horde_Config should validate generated PHP
Summary Horde_Config should validate generated PHP
Queue Horde Framework Packages
Queue Version HEAD
Type Enhancement
State Accepted
Priority 1. Low
Owners
Requester chuck (at) horde (dot) org
Created 2005-11-24 (5133 days ago)
Due
Updated 2008-11-09 (4052 days ago)
Assigned
Resolved
Milestone
Patch No

History
2008-11-09 01:59:41 Chuck Hagenbuch State ⇒ Accepted
 
2006-11-16 17:08:25 Chuck Hagenbuch State ⇒ Stalled
 
2005-11-24 22:41:40 Chuck Hagenbuch Comment #3 Reply to this comment
I already thought about that a few times, but this would only be 
possible with
calling a PHP cli with the -l flag, but how to handle this 
gracefully with the lots of
different places where it can be installed - if it is installed at all?
Well, if we assume that the worst that can happen is a parse error - 
as opposed to a fatal error - we could eval() it. Since we require 
admin access this might not be as bad a security risk as otherwise.
Also, to help achieve more specific error messages, we should add a
new type for PHP code that also validates the individual snippets so
that you can't enter something that's not valid on the right side of
an = expression in one of those fields.
Wouldn't this be covered by the above?
Other way around, really - if we lint the whole file we can't tell the 
user which field the error was in, if we lint each field we can.
2005-11-24 17:14:12 Jan Schneider Comment #2 Reply to this comment
We can't catch _everything_, but the validate() method on ConfigForm
should make sure the config file we're going to generate parses
before considering the form valid.
I already thought about that a few times, but this would only be 
possible with calling a PHP cli with the -l flag, but how to handle 
this gracefully with the lots of different places where it can be 
installed - if it is installed at all?
Also, to help achieve more specific error messages, we should add a
new type for PHP code that also validates the individual snippets so
that you can't enter something that's not valid on the right side of
an = expression in one of those fields.
Wouldn't this be covered by the above?
2005-11-24 16:44:01 Chuck Hagenbuch Comment #1
Type ⇒ Enhancement
State ⇒ Accepted
Priority ⇒ 1. Low
Summary ⇒ Horde_Config should validate generated PHP
Queue ⇒ Horde Framework Packages
Reply to this comment
We can't catch _everything_, but the validate() method on ConfigForm 
should make sure the config file we're going to generate parses before 
considering the form valid.



Also, to help achieve more specific error messages, we should add a 
new type for PHP code that also validates the individual snippets so 
that you can't enter something that's not valid on the right side of 
an = expression in one of those fields.

Saved Queries