PHP中的XML功能? [英] PHP function in XML?

问题描述

是否可以用XML编写PHP函数

 < doThis>做这个(){砰砰砰！}</doThis> 

并使用 simplexml_load_file 获取具有该功能的对象?

  $ foo = simplexml_load_file($ xmlAbove);$ foo-> doThis();//砰砰砰！ 

解决方案

首先，您应该始终考虑像这样运行代码"的安全隐患.如果此XML文件具有远程起源，并且您执行了代码，则它可能会执行任何操作.那么 exec(rm -fR/some/important/path); 呢?还是删除所有内容的数据库调用?发送者与您的代码之间必须有非常牢固的信任关系，并且还必须具有强大的安全协议以防止中间人攻击和其他攻击.

对于您的问题，这是不可能直接实现的.如前所述，XML是数据，而不是代码，并且应该是可移植的，这意味着您的PHP代码对于其他接受此XML的客户端来说是无稽之谈.

但是，您可以使用 eval .也许是这样的:

  eval($ foo-> doThis); 

注意:我完全不建议这样做.它不是XML的预期用途，它有很多问题.请考虑一下其他方法.

Is it possible to write a PHP function in a XML

<doThis>

doThis(){
bang bang bang!
}

</doThis>

and use simplexml_load_file to get the object with that function?

$foo = simplexml_load_file($xmlAbove);
$foo->doThis();   //bang bang bang!

解决方案

Firstly, you should always consider the security implications of running "code" like this. If this XML file has remote origins, and you execute the code, then it might do anything. What about exec(rm -fR /some/important/path);? Or a database call that deletes everything? There needs to be a very strong trust relationship between the sender and your code, and also strong security protocols to prevent man-in-the-middle and other attacks.

To your question, it is not possible directly. As commented, XML is data, not code, and is supposed to be portable, meaning your PHP code will be nonsense to another client accepting this XML.

However, you could use eval. Maybe like this:

eval($foo->doThis);

Note: I wouldn't recommend this at all. It isn't the intended use of XML and it has many problems. Please, think of some other way.

这篇关于PHP中的XML功能?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！