I read this question/answer however there wasn't any mention of it being a "bad idea", and unfortunately any search query with the words parse, xml, and php typically yield information about parsing XML with PHP (via SimpleXML or whatever)
Short question -- Is it a viable solution to embed PHP in XML, extracting (and executing) it conditionally, by targeting processing instruction nodes during XML parsing, or am I barking up a tree fraught with issues?
Expanding -- Perhaps the issue is less to do with XML, and more to do with selecting an appropriate "meta-language", against which I can perform queries to satisfy conditions, and execute the contained PHP snippet. XML seemed like a good candidate for it's structure, portability, and simplicity (despite verbosity)
I've considered just falling back to vanilla PHP, using arrays as a data structure, but any structured meta-language would suffice as a wrapper. Suggestions of your preferred language for such a task is more than welcome.
Anyway, I've been working on an engine that accepts XML files with embedded PHP. I parse the XML data (in my case using SAX callbacks) and depending on some input to assist with "querying" the XML data, the appropriate embedded PHP is pulled and ran with eval()
.
(I know; "If eval()
is the answer, you're almost certainly asking the wrong question.", but I'm not concerned with that at the moment)
So I end up with something like:
<root>
<node>
<parameters>
<!-- some stuff -->
</parameters>
<callback>
<?php
function(){
// do some stuff
};
?>
</callback>
</node>
<node>
<parameters>
<!-- some other stuff -->
</parameters>
<callback>
<?php
function(){
// do some other stuff
};
?>
</callback>
</node>
</root>
I can parse the PHP out by setting a callback with xml_set_processing_instruction_handler()
which ultimately does:
xml_set_processing_instruction_handler($parser, function($parser, $target, $func)
{
// obtain some parameters into $data
call_user_func(eval("return {$func};"), $data);
});
(the code is only an example, there's alot more going on here of course)
Has this approach been attempted resulting in failure due to some unforeseen edge case? I don't want to invest a large about of time into such a parser only to find out that it'll fail spectacularly under some circumstances. I'm happy to learn from my own mistakes, but I'd much rather learn from someone else's.
This seems like a better approach than Phing's custom approach of declaring an AdhocTask as CDATA and executing the code within. Note that in the source code, they simply eval the contents of the element.
One caveat that I can see is mentioned on the xml_set_processing_instruction_handler() documentation: "the PI end tag (?>) can not be quoted." This means the following will present a problem:
<callback>
<?php
function() {
return '?>';
};
?>
</callback>
This is quite easily avoided:
<callback>
<?php
function() {
return '?' . '>';
};
?>
</callback>
Other than that, as long as you take the usual eval() precautions, you should be fine!