Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Intl] Switch from json to php resources #34214

Open
wants to merge 1 commit into
base: 3.4
from

Conversation

@jakzal
Copy link
Member

jakzal commented Nov 1, 2019

Q A
Branch? 3.4
Bug fix? no
New feature? no
Deprecations? no
Tickets Fix #23545
License MIT
Doc PR -

Benchmarks below were run on PHP 7.3.9. Average was taken for ten runs of each script.

Memory & Peak Memory was 2048kB in all cases.

Benchmark Time (no opcache) Time (opcache)
json 5ms 5ms
php 9ms 2ms
$symbolNamePairs = iterator_to_array($rootBundle['Currencies']);
$symbolNamePairs = array_map(function ($pair) {
return array_slice(iterator_to_array($pair), 0, 2);
}, iterator_to_array($rootBundle['Currencies']));

This comment has been minimized.

Copy link
@jakzal

jakzal Nov 1, 2019

Author Member

We need to do this so that php generator doesn't dump the following invalid code:

        'ESP' => [
            0 => '',
            1 => 'pesseta espanyola',
            2 => 
            ResourceBundle::__set_state(array(
            )],
        ],

Json generator used to simply dump {}.

We never use the third index. It's hardly ever present. If we dumped it it would like like this:

        'ESP' => [
            0 => '',
            1 => 'pesseta espanyola',
            2 => [
                0 => '¤ #,##0.00',
                1 => ',',
                2 => '.',
            ],
        ],
@jakzal jakzal force-pushed the jakzal:intl-php-resources branch from 07ccf85 to 85630ac Nov 1, 2019
@jakzal

This comment has been minimized.

Copy link
Member Author

jakzal commented Nov 1, 2019

Question: Since from now on we'd be including php files directly, are there any security implications? The PhpBundleReader does this:

return include $fileName;
@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Nov 4, 2019
@ro0NL

This comment has been minimized.

Copy link
Contributor

ro0NL commented Nov 6, 2019

@jakzal not to me, all bundle read/write related infra is marked internal.

All public classes with read access are final and use a fixed base path, e.g.:

protected static function getPath(): string
{
return Intl::getDataDirectory().'/'.Intl::TIMEZONE_DIR;
}

the directory traversal attack check is already in place, given the locale may be user provided:

// prevent directory traversal attacks
if (\dirname($fileName) !== $path) {
throw new ResourceBundleNotFoundException(sprintf('The resource bundle "%s" does not exist.', $fileName));
}

@jakzal jakzal changed the title WIP: [Intl] Switch from json to php resources [Intl] Switch from json to php resources Nov 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.