StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
8059868
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
6
CommunityOwnedDate
CreationDate
2011-11-09T03:04:20.383
FavoriteCount
0
LastActivityDate
2011-11-09T15:13:19.640
LastEditDate
2011-11-09T15:13:19.640
LastEditorUserId
492901
OwnerUserId
492901
ParentId
8059216
PostTypeId
2
Score
0
ViewCount
0
LastEditorDisplayName
text
Body
After some research, here is what I came up with. The only (clean) solution is to use member functions and instance/class variables. You need to: <ul> <li>Reference everything using <code>$this</code> and not function arguments.</li> <li>Unset all globals, superglobals and restore them afterwards.</li> <li>Use a possible race condition of some sorts. i.e.: In my example below, <code>render()</code> will set instance variables that <code>_render()</code> will use afterwards. In a multi-threaded system, this creates a race condition: thread A may call render() at the same time as thread B and the data will be inexact for one of them. Fortunately, for now, PHP isn't multi-threaded.</li> <li>Use a temporary file to include, containing a closure, to avoid the use of <code>eval</code>.</li> </ul> The template class I came up with: <pre><code>class template { // Store the template data protected $_data = array(); // Store the template filename protected $_file, $_tmpfile; // Store the backed up $GLOBALS and superglobals protected $_backup; // Render a template $file with some $data public function render($file, $data) { $this->_file = $file; $this->_data = $data; $this->_render(); } // Restore the unset superglobals protected function _restore() { // Unset all variables to make sure the template don't inject anything foreach ($GLOBALS as $var => $value) { // Unset $GLOBALS and you're screwed if ($var === 'GLOBALS') continue; unset($GLOBALS[$var]); } // Restore all variables foreach ($this->_backup as $var => $value) { // Set back all global variables $GLOBALS[$var] = $value; } } // Backup the global variables and superglobals protected function _backup() { foreach ($GLOBALS as $var => $value) { // Unset $GLOBALS and you're screwed if ($var === 'GLOBALS') continue; $this->_backup[$var] = $value; unset($GLOBALS[$var]); } } // Render the template protected function _render() { $this->_backup(); $this->_tmpfile = tempnam(sys_get_temp_dir(), __CLASS__); $code = '<?php $render = function() {'. 'extract('.var_export($this->_data, true).');'. 'require "'.$this->_file.'";'. '}; $render();' file_put_contents($this->_tmpfile, $code); include $this->_tmpfile; $this->_restore(); } } </code></pre> And here's the test case: <pre><code>// Setting some global/superglobals $_GET['get'] = 'get is still set'; $hello = 'hello is still set'; $t = new template; $t->render('template.php', array('foo'=>'bar', 'this'=>'hello world')); // Checking if those globals/superglobals are still set var_dump($_GET['get'], $hello); // Those shouldn't be set anymore var_dump($_SERVER['bar'], $GLOBALS['stack']); // undefined indices </code></pre> And the template file: <pre><code><?php var_dump($GLOBALS); // prints an empty list $_SERVER['bar'] = 'baz'; // will be unset later $GLOBALS['stack'] = 'overflow'; // will be unset later var_dump(get_defined_vars()); // foo, this ?> </code></pre> In short, this solution: <ul> <li>Hides all globals and superglobals. The variables themselves ($_GET, $_POST, etc.) can still be modified, but they will revert back to what they were previously.</li> <li>Does not shadow variables. (Almost) everything can be used, including <code>$this</code>. (Except for <code>$GLOBALS</code>, see below).</li> <li>Does not bring anything into scope that wasn't passed.</li> <li>Does not lose any data nor trigger destructors, because the refcount never reaches zero for any variable.</li> <li>Does not use <code>eval</code> or anything like that.</li> </ul> Here's the result I have for the above: <pre><code>array(1) { ["GLOBALS"]=> *RECURSION* } array(2) { ["this"]=> string(11) "hello world" ["foo"]=> string(3) "bar" } string(10) "get is still set" string(12) "hello is still set" Notice: Undefined index: bar in /var/www/temp/test.php on line 75 Call Stack: 0.0003 658056 1. {main}() /var/www/temp/test.php:0 Notice: Undefined index: stack in /var/www/temp/test.php on line 75 Call Stack: 0.0003 658056 1. {main}() /var/www/temp/test.php:0 NULL NULL </code></pre> If you dump <code>$GLOBALS</code> after the fact it should be just like it was before the call. The only possible issue is that someone still can execute something like: <pre><code>unset($GLOBALS); </code></pre> ... and you're screwed. And there is no way around that.
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. PORequire an arbitrary PHP file without leaking variables into scope
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USnetcoder
UserOwnerUserId
1. USnetcoder
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.