Release of Psalm 3.12, a static analyzer for the PHP language. Alpha release of PHP 8.0

Vimeo has published a new release of the static analyzer Psalm 3.12, which lets you identify both obvious and subtle errors in PHP code, and automatically fix some types of errors. The system is suitable for finding problems both in legacy code and in code that uses modern features introduced in new branches of PHP. The project code is written in PHP and distributed under the MIT license.

Psalm identifies most problems related to incorrect use of types, as well as various typical errors. For example, it supports warnings about mixing variables of different types in an expression, incorrect logical tests (such as "if ($a && $a) {}", "if ($a && !$a) {}" and "if ($a) {} elseif ($a) {}"), and incomplete initialization of object properties. The analyzer runs in multi-threaded mode. Incremental scans are possible, which analyze only the files that have changed since the last scan.

In addition, tools for safe programming are provided that allow annotations in Docblock format ("/** @var Type */") to be used to supply information about variable types, return values, function parameters and object properties. Defining type usage templates and using assert statements is also supported. For example:

/** @var string|null */
$a = foo();

/** @var string $a */
echo strpos($a, 'hello');

/** @psalm-assert-if-true B $a */
function isValidB(A $a) : bool {
    return $a instanceof B && $a->isValid();
}

To automate the elimination of detected problems, the Psalter utility is provided. It supports plugins and can fix typical code problems, add type annotations, and perform manipulations such as moving classes from one namespace to another, moving methods between classes, and renaming classes and methods.

The new release of Psalm implements the "--taint-analysis" option, which lets you trace the relationship between input parameters received from the user (for example, $_GET['name']) and their use in places that require character escaping (for example, echo " $name "), including by following chains of intermediate assignments and function calls. Use of the associative arrays $_GET, $_POST and $_COOKIE is treated as a source of potentially dangerous data, but it is also possible to define your own sources. The tracked actions that require escaping include output operations that generate HTML content, adding HTTP headers, and executing SQL queries.

The check is triggered when functions such as echo, exec, include and header are used. When analyzing the need for escaping, data types such as text, strings containing SQL, HTML and shell code, and strings containing authentication parameters are taken into account. The proposed mode makes it possible to identify vulnerabilities in code that lead to cross-site scripting (XSS) or SQL injection.
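The kind of flow that "--taint-analysis" is described as tracing, shown as an added example that is not code from the original article or from the Psalm project: user input passes through an intermediate assignment and a function call to an HTML sink and an SQL sink, with the unescaped form beside the hardened one. The helper names, the users table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/** Hypothetical helper: taint flows from the parameter into the return value. */
function heading(string $text): string
{
    return '<h1>' . $text . '</h1>';
}

/** Hardened variant: escape for the HTML context before building markup. */
function safeHeading(string $text): string
{
    $escaped = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>' . $escaped . '</h1>';
}

// Source: user-controlled request parameter (empty when run from the CLI).
$name = (string) ($_GET['name'] ?? '');

// Intermediate assignment: the concatenated string is still tainted.
$title = 'Hello, ' . $name;

// BEFORE: source -> assignment -> function call -> echo (HTML sink), unescaped.
// This is the cross-site scripting pattern the article describes.
echo heading($title), PHP_EOL;

// AFTER: same flow, but the value is HTML-escaped before it reaches echo.
echo safeHeading($title), PHP_EOL;

// SQL sink, using a constructed in-memory table (assumption for the example).
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (name TEXT)');

// BEFORE: tainted data is concatenated into the query text itself.
$unsafe = $pdo->query("SELECT name FROM users WHERE name = '" . $name . "'");

// AFTER: the value is bound as a parameter and never becomes part of the SQL.
$stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$stmt->execute([':name' => $name]);
$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
```

Both "BEFORE" statements are the findings to look for when the project is scanned with the "--taint-analysis" option; the "AFTER" forms are the corresponding fixes.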

In addition, the start of alpha testing of the new PHP 8.0 branch can be noted. The release is scheduled for November 26. The following innovations are expected in the new branch:

  • Inclusion of the JIT compiler, whose use will improve performance.
  • Support for union types, which define collections of two or more types (for example, "public function foo(Foo|Bar $input): int|float;").
  • Support for attributes (annotations), which let you bind metadata (such as type information) to classes without using Docblock syntax.
  • Shortened syntax for class definitions, letting you combine the definition of the constructor and properties.
  • New return type: static.
  • New type: mixed, which can be used to indicate that a function accepts parameters of different types.
  • The throw expression for handling exceptions.
  • WeakMap for creating objects that can be sacrificed during garbage collection (for example, to store non-essential caches).
  • The ability to use the "::class" expression for objects (analogous to calling get_class()).
  • The ability to define, in a catch block, exceptions that are not bound to variables.
  • The ability to leave a comma after the last element in a function parameter list.
  • New Stringable interface for identifying any string types or data that can be converted to a string (for which the __toString() method is available).
  • New function str_contains(), a simplified analogue of strpos for determining whether a substring occurs, as well as the functions str_starts_with() and str_ends_with() for checking matches at the beginning and end of a string.
  • Added function fdiv(), which performs division without throwing an error when dividing by zero.
  • Changed string concatenation logic. For example, the expression 'echo "sum: " . $a + $b' was previously interpreted as 'echo ("sum: " . $a) + $b', and in PHP 8 it will be treated as 'echo "sum: " . ($a + $b)'.
  • Tightened checking of arithmetic and bitwise operations; for example, the expressions "[] % [42]" and "$object + 4" will cause an error.
  • Implemented a stable sorting algorithm, in which the order of equal values is preserved across different runs.

Source: opennet.ru
