arout / diamondphp Goto Github PK

Example use case:

// Controller file
$data = [ 'name' => ['John', 'Doe' ], 'address' => [ '123 Main St.', 'Springfield', 'MO' ] ]

$user = $this->toolbox('sanitize)->xss($data);
foreach( $user as $info )
{
    echo $info['name'][0] . ' '  . $info['name'][1];
}

In https://github.com/arout/diamondphp/blob/master/app/code/core/system/global.php#L6, a global declare(strict_types=1); is called. This command, however, works on a per-file basis and should therefor be the first operation in every single PHP file in the repo to take any effect.

Currently, it only affects calls to methods and functions declared inside app/code/core/system/global.php, but there aren't any there.

For more information, please refer to http://php.net/manual/en/functions.arguments.php#functions.arguments.type-declaration.strict

Hello

It would be a good idea to adhere to the standards dictated by the PHP-FIG group; specifically the PSR-2 standard: http://www.php-fig.org/psr/psr-2/

It will be way easier to read the code :)

Since composer.json and composer.lock. Will keep your dependencies up-to-date I would recommend ignoring the vendor directory with .gitignore.

See here for more information on this:
https://getcomposer.org/doc/faqs/should-i-commit-the-dependencies-in-my-vendor-directory.md

At this time, access to the core/module code is mitigated by having an index.html file in each module, but this is far from secure - anyone with knowledge of the project's structure could reach arbitrary files by simply typing their path into the address bar of their browser.

Ideally, this would mean having a separate web root that does not contain any core/module code and/or templates, but instead only contains the index.php file and whatever frontend assets need to be reachable from the client's browser.

Instead of having a static configuration per project you could make use of an environment file that populates generic Config settings.

Example:
Project A will be released under a different branch name, now you have to clone the repo and commit configuration changes, or adjust them manually. Database credentials is a perfect example.
Using a (generated) environment file you don't have this inside your codebase.

Take a look at: https://github.com/vlucas/phpdotenv.
or, if still alive: https://github.com/hassankhan/config