Upload
michael-spector
View
3.705
Download
1
Tags:
Embed Size (px)
DESCRIPTION
PHP Development Tools 2.0 for users and adopters.
Citation preview
Copyright © 2007, Zend Technologies Inc.
PHP Development Tools 2.0 – Success Story.Michael Spector,
Zend Technologies
Project History |
Apr 8, 2023| 2
Overview
• PDT 1.0 history• PDT NG goals• Dynamic languages toolkit (DLTK)• PDT 2.0 features• Extending PDT example• Q&A
Project History |
Apr 8, 2023| 3
Project history
• Project creation review in March 2006.• First release in September 2007.• Initial contribution by IBM and Zend.
Project History |
Apr 8, 2023| 4
PDT 1.0 requirements
• Providing developers with PHP capabilities: Source editing:
• Code Assist• Syntax coloring• Code folding• Open Declaration (CTRL + click)• Annotations (task, breakpoints, CVS)
Code Inspection & Navigation:• PHP Explorer View• Outline View• Open PHP Element
Debugging:• Local script debugging.• Remote application debugging.
Project History |
Apr 8, 2023| 5
PDT 1.0 : initial design
WST Source Editing
PHP Source EditingPHP Model
PHP Explorer Project Outline Outline
PHPDebugger
Name of this section |
Apr 8, 2023| 6
PDT next generation: goals
• Performance & scalability improvements. Model memory management improvement. Model change notifications narrowing.
• Create type binding infrastructure that can be reused for: Better code assist. Static analysis tool. Refactoring.
• Ability to separate resources from code.• More JDT-like features.
Name of this section |
Apr 8, 2023| 7
Best practices: JDT
JDT
JDT Clones
JSDTRDT DLTKCDT…
DLTK Extenders
DLTKTCL
DLTKRuby
PDTDLTK
JavaScript …
Name of this section |
Apr 8, 2023| 8
What does DLTK provide?
Core
Indexer
Build Path
Problems Reporting
Type Inference
Type Hierarchy
Validation
Search Engine
…
UI
Script Explorer
Outline
Type Hierarchy
Call Hierarchy
Open Element
Editor
Actions
…
Extra
Mylyn
RSE
Debug
Interpreters
DBGP
Debug UI
Name of this section |
Apr 8, 2023| 9
New design
PHPDebugger
WST Source Editing
PHP Source Editing
DLTK Core
PHP Enabler
DLTK UI
PHP Enabler
Copyright © 2007, Zend Technologies Inc.
PHP Development Tools 2.0 Features
Name of this section |
Apr 8, 2023| 11
Lighter & Faster
• Utilizing proven DLTK (JDT) indexing mechanism. No more loading model into memory on startup. Granulated search mechanism.
• Optimized memory management. Limited memory usage by most recently used elements and
AST.
Name of this section |
Apr 8, 2023| 12
Build Path configuration
• Ability to separate application code from resources.
Name of this section |
Apr 8, 2023| 13
Mark occurrences
• Highlight all occurrences of the selected element:
• Highlight all method exit points:
And more…
Name of this section |
Apr 8, 2023| 14
Override annotations
• Triangle annotation indicates overridden or implemented method:
Name of this section |
Apr 8, 2023| 15
Type Hierarchy
• Makes easier understanding the hierarchy of class or interface.
Name of this section |
Apr 8, 2023| 16
Smart Code Assist
• Sophisticated code assist proposals using type inference.
Name of this section |
Apr 8, 2023| 17
PHP 5.3 support (PDT 2.1)
• Choose PHP 5.3 version when creating a project:
• Code Assist:
• PHP Explorer & Outline:
Copyright © 2007, Zend Technologies Inc.
Extending PHP Development Tools 2.0
Name of this section |
Apr 8, 2023| 19
XSS in PHP #1
• What’s wrong with the following code?
• Calling this script normally:
Name of this section |
Apr 8, 2023| 20
XSS in PHP #2
• What happens if the following URL is used?
• Solution:
Name of this section |
Apr 8, 2023| 21
XSS protection plug-in example
• Warn PHP developer when script parameters are accessed in a non-“safe” way.
• Input is considered “safe” when it’s passed through htmlentities() PHP function.
Name of this section |
Apr 8, 2023| 22
XSS protection plug-in example (step 1)
• Step #1: Create new plug-in• Step #2: Add build participant extension:
Name of this section |
Apr 8, 2023| 23
XSS protection plug-in example (step 2)
• Build participant factory
• Implement build participant
Name of this section |
Apr 8, 2023| 24
AST search algorithm
ModuleDeclaration
PHPCall
Expression
ArrayVariable
Reference
(htmlentities())
($_GET[“name”])
(PHP script root node)
………
1. Process PHP script AST.
2. When function call node is met, and it’s a htmlentities() call – remember this node.
3. When special array variable is met – verify that the parent was htmlentities() function call.
Name of this section |
Apr 8, 2023| 25
XSS protection plug-in example (step 3)
• Determine the function call name:
Name of this section |
Apr 8, 2023| 26
XSS protection plug-in example
• “Catch” unsafe references:
Name of this section |
Apr 8, 2023| 27
XSS protection plug-in example (hooray!)
• Final result:
Name of this section |
Apr 8, 2023| 28
PDT Adopters
Zend Studio for Eclipse
IBM REST Development Framework
Aspect PHP Development Tools
Smarty Support for PDT
http://www.zend.com/en/products/studio/
http://www.projectzero.org/
http://code.google.com/p/apdt/
http://code.google.com/p/smartypdt/
Name of this section |
Apr 8, 2023| 29
Additional Resources
• PDT site: http://www.eclipse.org/pdt
• PDT download: http://download.eclipse.org/tools/pdt/downloads
• Extending PDT examples: http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.pdt/examples/?root=Tools
_Project
• PDT bundle with local debugger: http://www.zend.com/en/community/pdt
• PHP stack download: http://www.zend.com/en/community/zend-server-ce
Name of this section |
Apr 8, 2023| 30
Thank You