Development & Code Standards (beta)
Considering the huge immediate benefit of cleaning Pixie's code up, we can trial this online tool :
Suggest using the following settings :
Indentation style : K&R Style. (Tried PEAR style - found it hard to read.)
Indent with : Tabs.
Starting indentation : 0.
Indentation : 1. (Tried 2 - was too spaced out.)
Remove empty lines : (True.)
Align assignments statements nicely : (True.)
(No other options selected.)
Initial results are good. It looks to be a very useful tool and will make the bulk of this work much easier.
Not to be used, since not all web hosts support them. Use :
Document ending PHP close tags must not have a preceding empty space or line. Using document closing tags is not recommended because the PHP interpreter closes itself at the end of each script regardless.
Indent code using tabs, not spaces (perhaps some screenshots of settings to change in popular applications - e.g. Notepad++, Scintilla based apps like Programmers Notepad2?). One indentation is a double tab key tap (double tap).
Use Linux / Unix style line endings (LF)
Type commenting for informative messages and developer info.
For warnings or critical information.
File content and license descriptors like this :
At the top of every file, so that IDEs such as KDevelop (http://www.kdevelop.org/), NetBeans (http://netbeans.org/features/php/), Eclipse for PHP Developers (http://www.eclipse.org/) or any syntax highlighting enabled text editor can understand them better. Anyone who edits the file adds their name to an @author statement, so it's easy to spot who has been working on it.
UTF-8 (Highly recommended as the default.)
Pixie's PHP code uses TRUE, FALSE and NULL (must be upper case). To check for a TRUE, FALSE or NULL value in a variable, constant or index, use the code :
Notice that === means exactly (in this case) NULL.
All variables and arrays apart from the super globals and $this should be prefixed with the string :
Doing so will mitigate the security hole opened by using :
Then we can use :
Globally. Currently, the files index.php, admin/index.php, admin/admin/modules/ajaxfileupload.php and admin/install/createuser.php still use extract on the :
Super global, and although there are measures in place to prevent an exploit in that method, we should really make this change to completely shore up the code.
I propose that this very big change in Pixie's variables occurs after this standards guide is approved and the standards are applied to Pixie's code. Therefore, applying the change will be easier and bugs easier to find, if the code is easier to read. Yes, this must be done to secure Pixie correctly, and yes, it is a huge problem that could lead to module incompatibilities and all other sorts of trouble. Alternative method suggestions are welcome. However, there doesn't instantly appear to be any other way to secure Pixie due to the extremely liberal use of extract on the request super global.
Variables, indexes and offsets must always be defined prior to use, and must be defined as NULL first if the variable could otherwise be undefined (unset) when its TRUE or FALSE result is used in a conditional operation and/or expression.
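The risk described above and the effect of a prefix, as an added example that is not Pixie's own code. The $request array is a constructed stand-in for the request super global, and the prefix px is a hypothetical value chosen for illustration :

```php
<?php
// Added example, not Pixie's code.
// $request is constructed sample input standing in for the request super global.
$request = array('s' => 'blog', 'is_admin' => '1');

// Before : extract() defaults to EXTR_OVERWRITE, so any request key
// silently replaces a variable the script has already defined.
function unprefixed(array $request)
{
	$is_admin = FALSE;
	extract($request);
	// $is_admin now holds whatever the request supplied.
	return $is_admin;
}

// After : EXTR_PREFIX_ALL places every imported key behind "px_"
// (hypothetical prefix), so request data can no longer collide with
// the script's own variables.
function prefixed(array $request)
{
	$is_admin = FALSE;
	// Predefine the values we intend to read, as this guide requires.
	$px_s        = NULL;
	$px_is_admin = NULL;
	extract($request, EXTR_PREFIX_ALL, 'px');
	// $is_admin keeps the script's value; the request's copy lives
	// only in $px_is_admin, where it is plainly untrusted input.
	return array(
		'is_admin'    => $is_admin,
		'px_s'        => $px_s,
		'px_is_admin' => $px_is_admin,
	);
}

var_dump(unprefixed($request));
var_dump(prefixed($request));
```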
Seeing as :
To predefine variables as NULL, use this type of code :
Seeing as :
Does not work because PHP will throw an undefined message due to the fact it cannot check and compare nothing against nothing.
is just plain uninformative and can't be checked to see if its value is NULL.
instead of :
PHP is much faster when the coupled variables are expressed by wrapping them as one in quotation marks and then wrapping each variable inside the quotation marks individually as an expression (using curly braces). Spaces in between variables wrapped in curly braces, which are themselves wrapped by double quotes, are verbatim (exactly as seen).
We use spaces between individual conditional statements like this :
Not like this :
It's much easier to read the first example.
Single conditional statements in a similar manner :
It makes adding additional conditional statements (like an or, &&, >, /) to each statement easier in future.