The document discusses the history and features of PHP Development Tools (PDT). PDT 1.0 was initially contributed by IBM and Zend in 2007, providing PHP capabilities like code assist, debugging, and navigation views. PDT 2.0 utilizes the Dynamic Languages Toolkit to be lighter and faster, with improved memory management and new features like build path configuration, mark occurrences, and type hierarchy. The document provides an example of extending PDT by creating a plugin to warn of potential cross-site scripting vulnerabilities.
2. Overview
• PDT 1.0 history
• PDT NG goals
• Dynamic languages toolkit (DLTK)
• PDT 2.0 features
• Extending PDT example
• Q&A
Project History | 2-Apr-09 | 2
3. Project history
• Project creation review in March 2006.
• First release in September 2007.
• Initial contribution by IBM and Zend.
4. PDT 1.0 requirements
• Providing developers with PHP capabilities:
Source editing:
• Code Assist
• Syntax coloring
• Code folding
• Open Declaration (CTRL + click)
• Annotations (task, breakpoints, CVS)
Code Inspection & Navigation:
• PHP Explorer View
• Outline View
• Open PHP Element
Debugging:
• Local script debugging.
• Remote application debugging.
5. PDT 1.0 : initial design
[Architecture diagram; components shown: PHP Source Editing, WST Source Editing, PHP Model, PHP Debugger, and the PHP Explorer, Project Outline and Outline views]
6. PDT next generation: goals
• Performance & scalability improvements.
  Model memory management improvement.
  Model change notifications narrowing.
• Create a type binding infrastructure that can be reused for:
  Better code assist.
  Static analysis tool.
  Refactoring.
• Ability to separate resources from code.
• More JDT-like features.
7. Best practices: JDT
[Diagram: JDT → JDT clones (CDT, RDT, DLTK, JSDT, …) → DLTK extenders (PDT, JavaScript, Ruby, TCL, …)]
8. What does DLTK provide?
Core:
• Indexer
• Search Engine
• Problems Reporting
• Validation
• Build Path
• Type Inference
• Type Hierarchy
• …
UI:
• Script Explorer
• Outline
• Type Hierarchy
• Call Hierarchy
• Open Element
• Editor
• Actions
• …
Debug:
• Interpreters
• DBGP
• Debug UI
Extra:
• Mylyn
• RSE
9. New design
[Architecture diagram; components shown: PHP Source Editing, WST Source Editing, PHP Enabler, DLTK Core, DLTK UI, PHP Debugger]
11. Lighter & Faster
• Utilizing the proven DLTK (JDT) indexing mechanism.
  No more loading the whole model into memory on startup.
  Granulated search mechanism.
• Optimized memory management.
  Memory usage is limited by keeping only the most recently used elements and ASTs.
12. Build Path configuration
• Ability to separate application code from resources.
13. Mark occurrences
• Highlight all occurrences of the selected element:
• Highlight all method exit points:
And more…
14. Override annotations
• Triangle annotation indicates overridden or implemented method:
15. Type Hierarchy
• Makes it easier to understand the hierarchy of a class or interface.
16. Smart Code Assist
• Sophisticated code assist proposals using type inference.
17. PHP 5.3 support (PDT 2.1)
• Choose PHP 5.3 version when creating a project:
• Code Assist:
• PHP Explorer & Outline:
19. XSS in PHP #1
• What’s wrong with the following code?
• Calling this script normally:
20. XSS in PHP #2
• What happens if the following URL is used?
• Solution:
21. XSS protection plug-in example
• Warn the PHP developer when script parameters are accessed in a non-“safe” way.
• Input is considered “safe” when it is passed through the htmlentities() PHP function.
22. XSS protection plug-in example (step 1)
• Step #1: Create new plug-in
• Step #2: Add build participant extension:
23. XSS protection plug-in example (step 2)
• Build participant factory
• Implement build participant
24. AST search algorithm
1. Process the PHP script AST.
2. When a function call node is met and it is a htmlentities() call, remember this node.
3. When the special array variable is met, verify that the parent was the htmlentities() function call.
[Diagram of the AST path: Module (PHP script root node) → Declaration → … → PHP Call Expression (htmlentities()) → Array Variable Reference ($_GET[“name”])]
25. XSS protection plug-in example (step 3)
• Determine the function call name:
26. XSS protection plug-in example
• “Catch” unsafe references:
27. XSS protection plug-in example (hooray!)
• Final result:
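The slides on the XSS protection plug-in (slides 21 through 27) only show screenshots of the build participant, so here is a small added example of the same AST search algorithm. It is constructed for this page and is not PDT's or DLTK's own code: the node classes stand in for the DLTK/PDT node kinds named on slide 24 (module declaration, function call expression, array variable reference), the EchoStatement node and the `$_POST`, `$_REQUEST` and `$_COOKIE` entries in the tainted-array set are assumptions made here, and the sample script is built by hand rather than parsed. The walker applies the slide's rule exactly: a superglobal array access is “safe” only when its direct parent node is a htmlentities() call.

```python
"""Toy re-implementation of the AST search algorithm from slide 24.

Constructed example, not PDT's own code. In the real plug-in this logic
lives in the build participant and reports problems through DLTK; here the
result is just a list of (line, message) warnings.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# Arrays treated as the "special array variable" from the slides.
# $_GET is the one shown on the slides; the others are an assumption.
TAINTED_ARRAYS = {"$_GET", "$_POST", "$_REQUEST", "$_COOKIE"}
SANITIZER = "htmlentities"


@dataclass
class Node:
    line: int
    children: List["Node"] = field(default_factory=list)


@dataclass
class ModuleDeclaration(Node):
    """Root node of a PHP script (the Module on slide 24)."""


@dataclass
class EchoStatement(Node):
    """echo <expr>;  (hypothetical statement node for this example)."""


@dataclass
class CallExpression(Node):
    """Function call such as htmlentities(...)."""
    name: str = ""


@dataclass
class ArrayVariableReference(Node):
    """$name[index], e.g. $_GET["name"]."""
    name: str = ""
    index: str = ""


class UnsafeAccessFinder:
    """Walks the tree once, keeping the chain of enclosing nodes so that an
    ArrayVariableReference can check what its parent is (slide 24, step 3)."""

    def __init__(self) -> None:
        self.warnings: List[Tuple[int, str]] = []
        self._parents: List[Node] = []

    def visit(self, node: Node) -> None:
        if isinstance(node, ArrayVariableReference) and node.name in TAINTED_ARRAYS:
            parent = self._parents[-1] if self._parents else None
            # Step 3: the reference is "safe" only when its direct parent is
            # the remembered htmlentities() call node.
            if not (isinstance(parent, CallExpression) and parent.name == SANITIZER):
                self.warnings.append(
                    (node.line, f"{node.name}[{node.index!r}] is used without htmlentities()")
                )
        self._parents.append(node)
        for child in node.children:
            self.visit(child)
        self._parents.pop()


def find_unsafe_accesses(root: ModuleDeclaration) -> List[Tuple[int, str]]:
    """Step 1: process the whole script AST and collect the warnings."""
    finder = UnsafeAccessFinder()
    finder.visit(root)
    return finder.warnings


def build_sample_script() -> ModuleDeclaration:
    """Constructed AST for a three-line script (built by hand, not parsed):

        1: echo $_GET["name"];                          // unsafe, as on slide 19
        2: echo htmlentities($_GET["name"]);            // safe, the slide 20 solution
        3: echo htmlentities(trim($_POST["comment"]));  // flagged: parent is trim(), not htmlentities()
    """
    unsafe = EchoStatement(1, [ArrayVariableReference(1, name="$_GET", index="name")])
    safe = EchoStatement(2, [
        CallExpression(2, [ArrayVariableReference(2, name="$_GET", index="name")], name=SANITIZER)
    ])
    wrapped = EchoStatement(3, [
        CallExpression(3, [
            CallExpression(3, [ArrayVariableReference(3, name="$_POST", index="comment")], name="trim")
        ], name=SANITIZER)
    ])
    return ModuleDeclaration(0, [unsafe, safe, wrapped])


if __name__ == "__main__":
    for line, message in find_unsafe_accesses(build_sample_script()):
        print(f"line {line}: warning: {message}")
```

Line 3 of the sample shows the limit of the slide's parent-only rule: the value is escaped before it is echoed, but because the direct parent of `$_POST["comment"]` is the trim() call, the check still reports it. That is the conservative side to err on for a warning-only plug-in; a stricter implementation would walk the ancestor chain kept in `_parents` and accept any enclosing htmlentities() call.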
28. PDT Adopters
Zend Studio for Eclipse
http://www.zend.com/en/products/studio/
IBM REST Development Framework
http://www.projectzero.org/
Aspect PHP Development Tools
http://code.google.com/p/apdt/
Smarty Support for PDT
http://code.google.com/p/smartypdt/
29. Additional Resources
• PDT site:
http://www.eclipse.org/pdt
• PDT download:
http://download.eclipse.org/tools/pdt/downloads
• Extending PDT examples:
http://dev.eclipse.org/viewcvs/index.cgi/org.eclipse.pdt/examples/?root=Tools_Project
• PDT bundle with local debugger:
http://www.zend.com/en/community/pdt
• PHP stack download:
http://www.zend.com/en/community/zend-server-ce
30. Thank You