PSR-11 is a PHP Standard Recommendation (PHP Standard Recommendation) that defines a Container Interface for dependency injection. It establishes a standard way to interact with dependency injection containers in PHP projects.
PSR-11 was introduced to ensure interoperability between different frameworks, libraries, and tools that use dependency injection containers. By adhering to this standard, developers can switch or integrate various containers without modifying their code.
PSR-11 specifies two main interfaces:
ContainerInterface
This is the central interface providing methods to retrieve and check services in the container.
namespace Psr\Container;
interface ContainerInterface {
public function get(string $id);
public function has(string $id): bool;
}
get(string $id)
: Returns the instance (or service) registered in the container under the specified ID.has(string $id)
: Checks whether the container has a service registered with the given ID.2. NotFoundExceptionInterface
This is thrown when a requested service is not found in the container.
namespace Psr\Container;
interface NotFoundExceptionInterface extends ContainerExceptionInterface {
}
3. ContainerExceptionInterface
A base exception for any general errors related to the container.
PSR-11 is widely used in frameworks like Symfony, Laravel, and Zend Framework (now Laminas), which provide dependency injection containers. Libraries like PHP-DI or Pimple also support PSR-11.
Here’s a basic example of using PSR-11:
use Psr\Container\ContainerInterface;
class MyService {
public function __construct(private string $message) {}
public function greet(): string {
return $this->message;
}
}
$container = new SomePSR11CompliantContainer();
$container->set('greeting_service', function() {
return new MyService('Hello, PSR-11!');
});
if ($container->has('greeting_service')) {
$service = $container->get('greeting_service');
echo $service->greet(); // Output: Hello, PSR-11!
}
PSR-11 is an essential interface for modern PHP development, as it standardizes dependency management and resolution. It promotes flexibility and maintainability in application development.
Dependency Injection (DI) is a design pattern in software development that aims to manage and decouple dependencies between different components of a system. It is a form of Inversion of Control (IoC) where the control over the instantiation and lifecycle of objects is transferred from the application itself to an external container or framework.
The main goal of Dependency Injection is to promote loose coupling and high testability in software projects. By explicitly providing a component's dependencies from the outside, the code becomes easier to test, maintain, and extend.
There are three main types of Dependency Injection:
1. Constructor Injection: Dependencies are provided through a class constructor.
public class Car {
private Engine engine;
// Dependency is injected via the constructor
public Car(Engine engine) {
this.engine = engine;
}
}
2. Setter Injection: Dependencies are provided through setter methods.
public class Car {
private Engine engine;
// Dependency is injected via a setter method
public void setEngine(Engine engine) {
this.engine = engine;
}
}
3. Interface Injection: Dependencies are provided through an interface that the class implements.
public interface EngineInjector {
void injectEngine(Car car);
}
public class Car implements EngineInjector {
private Engine engine;
@Override
public void injectEngine(Car car) {
car.setEngine(new Engine());
}
}
To better illustrate the concept, let's look at a concrete example in Java.
public class Car {
private Engine engine;
public Car() {
this.engine = new PetrolEngine(); // Tight coupling to PetrolEngine
}
public void start() {
engine.start();
}
}
In this case, the Car
class is tightly coupled to a specific implementation (PetrolEngine
). If we want to change the engine, we must modify the code in the Car
class.
public class Car {
private Engine engine;
// Constructor Injection
public Car(Engine engine) {
this.engine = engine;
}
public void start() {
engine.start();
}
}
public interface Engine {
void start();
}
public class PetrolEngine implements Engine {
@Override
public void start() {
System.out.println("Petrol Engine Started");
}
}
public class ElectricEngine implements Engine {
@Override
public void start() {
System.out.println("Electric Engine Started");
}
}
Now, we can provide the Engine
dependency at runtime, allowing us to switch between different engine implementations easily:
public class Main {
public static void main(String[] args) {
Engine petrolEngine = new PetrolEngine();
Car carWithPetrolEngine = new Car(petrolEngine);
carWithPetrolEngine.start(); // Output: Petrol Engine Started
Engine electricEngine = new ElectricEngine();
Car carWithElectricEngine = new Car(electricEngine);
carWithElectricEngine.start(); // Output: Electric Engine Started
}
}
Many frameworks and libraries support and simplify Dependency Injection, such as:
Dependency Injection is not limited to a specific programming language and can be implemented in many languages. Here are some examples:
public interface IEngine {
void Start();
}
public class PetrolEngine : IEngine {
public void Start() {
Console.WriteLine("Petrol Engine Started");
}
}
public class ElectricEngine : IEngine {
public void Start() {
Console.WriteLine("Electric Engine Started");
}
}
public class Car {
private IEngine _engine;
// Constructor Injection
public Car(IEngine engine) {
_engine = engine;
}
public void Start() {
_engine.Start();
}
}
// Usage
IEngine petrolEngine = new PetrolEngine();
Car carWithPetrolEngine = new Car(petrolEngine);
carWithPetrolEngine.Start(); // Output: Petrol Engine Started
IEngine electricEngine = new ElectricEngine();
Car carWithElectricEngine = new Car(electricEngine);
carWithElectricEngine.Start(); // Output: Electric Engine Started
In Python, Dependency Injection is also possible, and it's often simpler due to the dynamic nature of the language:
class Engine:
def start(self):
raise NotImplementedError("Start method must be implemented.")
class PetrolEngine(Engine):
def start(self):
print("Petrol Engine Started")
class ElectricEngine(Engine):
def start(self):
print("Electric Engine Started")
class Car:
def __init__(self, engine: Engine):
self._engine = engine
def start(self):
self._engine.start()
# Usage
petrol_engine = PetrolEngine()
car_with_petrol_engine = Car(petrol_engine)
car_with_petrol_engine.start() # Output: Petrol Engine Started
electric_engine = ElectricEngine()
car_with_electric_engine = Car(electric_engine)
car_with_electric_engine.start() # Output: Electric Engine Started
Dependency Injection is a powerful design pattern that helps developers create flexible, testable, and maintainable software. By decoupling components and delegating the control of dependencies to a DI framework or container, the code becomes easier to extend and understand. It is a central concept in modern software development and an essential tool for any developer.
Inversion of Control (IoC) is a concept in software development that refers to reversing the flow of control in a program. Instead of the code itself managing the flow and instantiation of dependencies, this control is handed over to a framework or container. This facilitates the decoupling of components and promotes higher modularity and testability of the code.
Here are some key concepts and principles of IoC:
Dependency Injection (DI): One of the most common implementations of IoC. In Dependency Injection, a component does not instantiate its dependencies; instead, it receives them from the IoC container. There are three main types of injection:
Event-driven Programming: In this approach, the program flow is controlled by events managed by a framework or event manager. Instead of the code itself deciding when certain actions should occur, it reacts to events triggered by an external control system.
Service Locator Pattern: Another pattern for implementing IoC. A service locator provides a central registry where dependencies can be resolved. Classes ask the service locator for the required dependencies instead of creating them themselves.
Aspect-oriented Programming (AOP): This involves separating cross-cutting concerns (like logging, transaction management) from the main application code and placing them into separate modules (aspects). The IoC container manages the integration of these aspects into the application code.
Advantages of IoC:
An example of IoC is the Spring Framework in Java, which provides an IoC container that manages and injects the dependencies of components.
Server Side Includes (SSI) is a technique that allows HTML documents to be dynamically generated on the server side. SSI uses special commands embedded within HTML comments, which are interpreted and executed by the web server before the page is sent to the user's browser.
Functions and Applications of SSI:
Including Content: SSI allows content from other files or dynamic sources to be inserted into an HTML page. For example, you can reuse a header or footer across multiple pages by placing it in a separate file and including that file with SSI.
<!--#include file="header.html"-->
Executing Server Commands: With SSI, server commands can be executed to generate dynamic content. For example, you can display the current date and time.
<!--#echo var="DATE_LOCAL"-->
Environment Variables: SSI can display environment variables that contain information about the server, the request, or the user.
<!--#echo var="REMOTE_ADDR"-->
Conditional Statements: SSI supports conditional statements that allow content to be shown or hidden based on certain conditions.
<!--#if expr="$REMOTE_ADDR = "127.0.0.1" -->
Welcome, local user!
<!--#else -->
Welcome, remote user!
<!--#endif -->
Advantages of SSI:
Disadvantages of SSI:
SSI is a useful technique for creating and managing websites, especially when it comes to integrating reusable and dynamic content easily. However, its use should be carefully planned and implemented to avoid performance and security issues.
Server Side Includes (SSI) Injection is a security vulnerability that occurs in web applications that use Server Side Includes (SSI). SSI is a technique allowing HTML files to be dynamically generated on the server by embedding special commands within HTML comments. These commands are interpreted and executed by the web server before the page is delivered to the client.
How does SSI Injection work?
In an SSI Injection attack, an attacker injects malicious SSI commands into input fields, URLs, or other mechanisms through which the application accepts user data. If the application does not properly validate and filter these inputs, the injected commands can be executed on the server.
Example of an SSI command:
<!--#exec cmd="ls"-->
This command would list the contents of the current directory on a vulnerable server.
Potential impacts of SSI Injection:
Mitigation measures against SSI Injection:
By implementing these measures, the risk of SSI Injection can be significantly reduced.
CWE stands for "Common Weakness Enumeration." It is a standardized list of known security vulnerabilities and weaknesses commonly found in software applications and systems. Managed and maintained by the MITRE Corporation, a nonprofit organization, CWE serves as a reference for security professionals, developers, and organizations to identify, understand, and address vulnerabilities.
CWE contains several hundred entries, each with a unique number and description, categorized into various groups, including injection flaws, cross-site scripting (XSS), authentication issues, sensitive data exposure, and cryptographic weaknesses.
It serves as a valuable tool for risk assessment, security analysis, and software development, helping developers understand and mitigate security vulnerabilities before they can be exploited. CWE is often used in conjunction with other security standards and guidelines, such as the Common Vulnerability Scoring System (CVSS) and the OWASP Top Ten.