#22344 closed defect (bug) (fixed)
Fatal error with asp_tags on
Reported by: | knutsp | Owned by: | koopersmith |
---|---|---|---|
Milestone: | 3.5 | Priority: | normal |
Severity: | blocker | Version: | 3.5 |
Component: | Media | Keywords: | has-patch |
Focuses: | Cc: |
Description
PHP Parse error: syntax error, unexpected ')', expecting '&' or T_VARIABLE in /wp-includes/media.php on line 1453
I upgraded to 3.5-beta2-22352 with the beta plugin, and got the "white screen of death" on one system, but not on another. Debugged and found this error. Uploaded a .user.ini file with the line asp_tags = Off to the root folder, and everything was back to normal.
It seems media.php uses a script templating method with <% %> as placeholders. This is dangerous and will break sites.
Attachments (3)
Change History (16)
#3
@
12 years ago
Changing this to use <?php echo '<%'; ?>
is really ugly and makes it much harder to work with. What if we change it to, say, <#
instead (_.template supports that)? It seems much cleaner.
I'll submit a patch for that, since changing it to echo it every time just doesn't make sense.
#4
@
12 years ago
- Keywords has-patch needs-testing added
Attached patch changes all instances of <%
in the output code into <#
(likewise for the closing tags) and sets Underscore up to use those instead. Looks like it's working perfectly to me, but I'd recommend double-checking in case I missed something.
#7
@
12 years ago
I stand in support of Mustache, partially because we've just begun Movember http://us.movember.com/
#8
@
12 years ago
- Keywords needs-patch added; has-patch needs-testing removed
koop has given support for Moustache-style, so I'll switch the patch over this afternoon.
#9
@
12 years ago
- Keywords has-patch added; needs-patch removed
New patch uses {{
instead of <%
, giving a Mustache-style templating. {{ a }}
is used for execution, {{= a }}
is used for interpolating and {{- a }}
is used for escaping.
I've tested this out, and it appears to work perfectly. Only breakage I can see being possible is if plugins are using wp.media.template()
with <% a %>
, but since it's not in an actual release version, that should be fine.
#10
@
12 years ago
An actual Mustache-inspired syntax would be something like this:
{{{a}}} - interpolating {{ a }} - escaping <# a #> - execution
No curly braces for executing because {{ if (...) { } }}
is confusing and Mustache (wisely IMO) doesn't support it anyway.
A counter argument would be that underscore doesn't support the majority of Mustache features, like blocks, comments etc.
I still think the {{escaped}}
and {{{unescaped}}}
syntax has merit, since it encourages escaping by default.
#11
@
12 years ago
Attached hybrid version, seems to be the best option. Only thing is, it's not totally Mustache-compliant. I don't think that'll matter too much personally, as long as we document this somewhere.
See also, IRC discussion on which method to use.
I agree this is an issue. Seems like all of these will need to be <?php echo '<%'; ?> instead. It is times like these I really, really don't like PHP.