I think you may find people more receptive to something like this if it's built as a Composer package.
One of the most important aspects of a PHP framework to me is the ease with which you can add or swap out libraries - and being able to include things with Composer and use its autoloading features would make a framework more modular and easier to manage and extend in the future.
Having your own extension system is fine and perfectly valid, but a lot of people have already invested in the existing package manager and PSR-0, and will expect to be able to use it in for their projects.
As far as the rest of it, I would mention the use of the deprecated (and highly vulnerable) sql_* functions and the lack of xss protection in the templates but I assume changes to those would be forthcoming.
I like the lack of abstraction and the built-in MVC, though I think people used to Rails-style routers in other frameworks like Laravel might wind up a bit put off.
Thanks for the feedback!
Next in the development pipeline I have few of these issues.
Basically this was evolved out of a small project (read Failed ).
Next version will include
* Clean database layer
* Packaging
* Template engine
* xss protection (thanks to you!)
I have to consider your thoughts on extensions, in any case its the second priority.
I know from personal experience how nasty raw PHP templating can be, in a sprawling codebase where no one ever considered that simply echoing variables that came from the database or from request variables might be a bad idea.
It makes even a simple framework more complicated but people use frameworks to not have to be bothered about that sort of thing.
Definitely, Since it was all personal requirement It was designed like this. I will start cleaning it up. and of course the cheat sheet will reduce lot of my research.
I think you should discontinue this piece of crap. It even probably (depends on whether you perform some sort of sanitization before passing request) has SQL injection vulnerability in your "todo" app example. And it looks like piece of crap that would noone ever use.
You got a point. However, calling somebody's creation a "piece of crap" is not very forthcoming, specially when you are not even sure about your own point : "It even PROBABLY has SQL..."
You seem to have just created this account to put this unsolicited comment (23 hours ago, really?).
LOL, funny. With a little bit of tweak Flubber is one of the most versatile framework of its class.
"And it looks like piece of crap that would no one ever use."
I have used Flubber(customized) extensively for projects that Codeigniter or Zend couldn't even tackle. I've used flubber for throwing browser based multi-player games.
So please get your facts right.
And by the way, could you please share your open-source contributions?
8 comments
[ 2.6 ms ] story [ 33.3 ms ] threadOne of the most important aspects of a PHP framework to me is the ease with which you can add or swap out libraries - and being able to include things with Composer and use its autoloading features would make a framework more modular and easier to manage and extend in the future.
Having your own extension system is fine and perfectly valid, but a lot of people have already invested in the existing package manager and PSR-0, and will expect to be able to use it in for their projects.
As far as the rest of it, I would mention the use of the deprecated (and highly vulnerable) sql_* functions and the lack of xss protection in the templates but I assume changes to those would be forthcoming.
I like the lack of abstraction and the built-in MVC, though I think people used to Rails-style routers in other frameworks like Laravel might wind up a bit put off.
I have to consider your thoughts on extensions, in any case its the second priority.
It makes even a simple framework more complicated but people use frameworks to not have to be bothered about that sort of thing.
You may want to take a look at this before proceeding: https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
You seem to have just created this account to put this unsolicited comment (23 hours ago, really?).
You should stop being so poisonous :-)
"And it looks like piece of crap that would no one ever use."
I have used Flubber(customized) extensively for projects that Codeigniter or Zend couldn't even tackle. I've used flubber for throwing browser based multi-player games.
So please get your facts right.
And by the way, could you please share your open-source contributions?