Index framework global helpers loaded outside Composer autoload#175
Open
dereuromark wants to merge 1 commit into
Open
Index framework global helpers loaded outside Composer autoload#175dereuromark wants to merge 1 commit into
dereuromark wants to merge 1 commit into
Conversation
Some frameworks ship their global function aliases in a `*_global.php` file that sits beside an autoloaded `functions.php` but is pulled in by the application bootstrap rather than Composer's `files` autoload, so it never appears in `autoload_files.php`. CakePHP is the canonical case: `src/Core/functions_global.php` defines `__`, `h`, `env`, `pr`, ... and is loaded via `require CAKE . 'functions.php'` in `config/bootstrap.php`. The autoload-file scan only followed `autoload_files.php` and their require_once chains, so these globals were invisible and every `__()` call reported "unknown function". On a real CakePHP 5 app this was about 1000 of 1330 analyze findings (968 of them just `__`). Seed the scan with any `*_global.php` sibling of an autoload entry. The lookup is anchored to existing autoload entries (one read_dir per unique directory) instead of a blind walk of the vendor tree, and the existing full-parse pass picks up the function_exists-guarded definitions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Global functions defined in
vendor/are reported asunknown_functionwhen their definition file is loaded by the framework's own bootstrap rather than Composer'sfilesautoload.CakePHP is the canonical case. Its global aliases (
__,h,env,pr,debug,collection, ...) live invendor/cakephp/cakephp/src/*/functions_global.php. Those files are not listed inautoload_files.php. They are pulled in by the app bootstrap:scan_autoload_filesonly seeds fromautoload_files.php(and followsrequire_oncechains out of those), so the*_global.phpsiblings are never reached. Every__()call - the single most common helper in a Cake template/controller - resolves to "unknown function".Measured impact
analyzeon a real CakePHP 5 application:unknown_function__)A 74% drop in total findings; the remaining 15
unknown_functionare unrelated parse edge cases, not globals.Fix
For each file already listed in
autoload_files.php, also seed any sibling in the same directory whose name ends in_global.php. The existing pipeline then handles the rest: the eager full-parse inpreload_autoload_filespicks up thefunction_exists-guarded definitions (depth > 0) that the byte scan skips.The lookup is anchored to existing autoload entries - one
read_dirper unique directory - rather than a blind walk of the vendor tree, so the cost is bounded and proportional to the autoload-files set. Indexing extra global-function files is purely additive (more resolvable symbols), so there is no risk of changing existing resolution.This is framework-agnostic: any package that ships a
<name>_global.phpbeside an autoloaded helper benefits. CakePHP is just the most prominent example.