Thread:Extension talk:PhpTags/Designing APIs in PhpTags extensions: limitations and best practices/reply

Hi, Joel!

In fact, such universal wrapper is done easy, the difficulty lies in the other...

I have done PhpTagsFuncNativeObject class. It is used for wrapping DateTime, DateTimeZone, DateInterval and DatePeriod classes in the Phptags Function extension. This class has few simple methods and can be used for wrapping almost any classes. (except classes that contains dynamic methods, but it also can be done).

The PhpTags extension is designed for sandboxing PHP code and the wrappers main task is check passed parameters and control access to resources (as firewall).

Generally PHP objects that we want to use with PhpTags (for example DateTime object) cannot hurt to system and they don't need be controled. But checking passed parameters is hurt me because PHP has no needed exceptions. I tried resolve it with using function set_error_handler, but it works not very well.

Finally I decided to make a description of all functions and classes that are used in PhpTags. The description contains count and type of parameters for all functions and methods of objects, and Runtimes check it every time. It will also allow to implement autocompletion code feature in the CodeMirror extension.

I almost finished work on it. ,, ,.

So, the most difficult work is make the description in json file.

However, the reality is different from the desired and developers should never relax and must do more to ensure safety. For examle. It transfers unchecked parameters to new \SQI\SemanticQueryInterface object. It is potential security issue, because SemanticQueryInterface does not check them also.

As for performance, I do not worry about it so much, because any optimization or vice versa code complexity has little effect on it now.

I am open to any suggestions and discussions :-) Have a nice time!