php development tools 2.0 - success story

Copyright © 2007, Zend Technologies Inc.

PHP Development Tools 2.0 – Success Story.Michael Spector,

Zend Technologies

Project History |

Apr 8, 2023| 2

Overview

• PDT 1.0 history• PDT NG goals• Dynamic languages toolkit (DLTK)• PDT 2.0 features• Extending PDT example• Q&A

Project History |

Apr 8, 2023| 3

Project history

• Project creation review in March 2006.• First release in September 2007.• Initial contribution by IBM and Zend.

Project History |

Apr 8, 2023| 4

PDT 1.0 requirements

• Providing developers with PHP capabilities: Source editing:

• Code Assist• Syntax coloring• Code folding• Open Declaration (CTRL + click)• Annotations (task, breakpoints, CVS)

Code Inspection & Navigation:• PHP Explorer View• Outline View• Open PHP Element

Debugging:• Local script debugging.• Remote application debugging.

Project History |

Apr 8, 2023| 5

PDT 1.0 : initial design

WST Source Editing

PHP Source EditingPHP Model

PHP Explorer Project Outline Outline

PHPDebugger

Name of this section |

Apr 8, 2023| 6

PDT next generation: goals

• Performance & scalability improvements. Model memory management improvement. Model change notifications narrowing.

• Create type binding infrastructure that can be reused for: Better code assist. Static analysis tool. Refactoring.

• Ability to separate resources from code.• More JDT-like features.

Name of this section |

Apr 8, 2023| 7

Best practices: JDT

JDT

JDT Clones

JSDTRDT DLTKCDT…

DLTK Extenders

DLTKTCL

DLTKRuby

PDTDLTK

JavaScript …

Name of this section |

Apr 8, 2023| 8

What does DLTK provide?

Core

Indexer

Build Path

Problems Reporting

Type Inference

Type Hierarchy

Validation

Search Engine

…

UI

Script Explorer

Outline

Type Hierarchy

Call Hierarchy

Open Element

Editor

Actions

…

Extra

Mylyn

RSE

Debug

Interpreters

DBGP

Debug UI

Name of this section |

Apr 8, 2023| 9

New design

PHPDebugger

WST Source Editing

PHP Source Editing

DLTK Core

PHP Enabler

DLTK UI

PHP Enabler

Copyright © 2007, Zend Technologies Inc.

PHP Development Tools 2.0 Features

Name of this section |

Apr 8, 2023| 11

Lighter & Faster

• Utilizing proven DLTK (JDT) indexing mechanism. No more loading model into memory on startup. Granulated search mechanism.

• Optimized memory management. Limited memory usage by most recently used elements and

AST.

Name of this section |

Apr 8, 2023| 12

Build Path configuration

• Ability to separate application code from resources.

Name of this section |

Apr 8, 2023| 13

Mark occurrences

• Highlight all occurrences of the selected element:

• Highlight all method exit points:

And more…

Name of this section |

Apr 8, 2023| 14

Override annotations

• Triangle annotation indicates overridden or implemented method:

Name of this section |

Apr 8, 2023| 15

Type Hierarchy

• Makes easier understanding the hierarchy of class or interface.

Name of this section |

Apr 8, 2023| 16

Smart Code Assist

• Sophisticated code assist proposals using type inference.

Name of this section |

Apr 8, 2023| 17

PHP 5.3 support (PDT 2.1)

• Choose PHP 5.3 version when creating a project:

• Code Assist:

• PHP Explorer & Outline:

Copyright © 2007, Zend Technologies Inc.

Extending PHP Development Tools 2.0

Name of this section |

Apr 8, 2023| 19

XSS in PHP #1

• What’s wrong with the following code?

• Calling this script normally:

Name of this section |

Apr 8, 2023| 20

XSS in PHP #2

• What happens if the following URL is used?

• Solution:

Name of this section |

Apr 8, 2023| 21

XSS protection plug-in example

• Warn PHP developer when script parameters are accessed in a non-“safe” way.

• Input is considered “safe” when it’s passed through htmlentities() PHP function.

Name of this section |

Apr 8, 2023| 22

XSS protection plug-in example (step 1)

• Step #1: Create new plug-in• Step #2: Add build participant extension:

Name of this section |

Apr 8, 2023| 23

XSS protection plug-in example (step 2)

• Build participant factory

• Implement build participant

Name of this section |

Apr 8, 2023| 24

AST search algorithm

ModuleDeclaration

PHPCall

Expression

ArrayVariable

Reference

(htmlentities())

($_GET[“name”])

(PHP script root node)

………

1. Process PHP script AST.

2. When function call node is met, and it’s a htmlentities() call – remember this node.

3. When special array variable is met – verify that the parent was htmlentities() function call.

Name of this section |

Apr 8, 2023| 25

XSS protection plug-in example (step 3)

• Determine the function call name:

Name of this section |

Apr 8, 2023| 26

XSS protection plug-in example

• “Catch” unsafe references:

Name of this section |

Apr 8, 2023| 27

XSS protection plug-in example (hooray!)

• Final result:

Name of this section |

Apr 8, 2023| 28

PDT Adopters

Zend Studio for Eclipse

IBM REST Development Framework

Aspect PHP Development Tools

Smarty Support for PDT

http://www.zend.com/en/products/studio/

http://www.projectzero.org/

http://code.google.com/p/apdt/

http://code.google.com/p/smartypdt/

Name of this section |

Apr 8, 2023| 29

Additional Resources

• PDT site: http://www.eclipse.org/pdt

• PDT download: http://download.eclipse.org/tools/pdt/downloads

• Extending PDT examples: http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.pdt/examples/?root=Tools

_Project

• PDT bundle with local debugger: http://www.zend.com/en/community/pdt

• PHP stack download: http://www.zend.com/en/community/zend-server-ce

Name of this section |

Apr 8, 2023| 30

Thank You