Yawp is a single PEAR-compliant class that encapsulates a number of other PEAR classes, and ties them all together with a simple configuration file. This release provides a minor functionality improvement.
Previously, when a hook script was called, it would be included directly in the calling code (e.g., a ‘start’ hook would be include()-ed in the middle of the Yawp::start() method; same for login, logout, and authErr hooks). This means it would be possible for the included script to use (and possibly overwrite) variables in the calling Yawp method; while not a security violation, that kind of thing could lead to unexpected behavior, and requires a much closer knowledge of the Yawp internals than should be necessary.
To solve this problem, I have added a method called run() — all it does is include a file. It doesn’t even need a parameter (using one would create a new variable in the scope of the function, and we want *everything* isolated for the included script).
function run() { include func_get_arg(0); }This has the benefit of executing a script in its own scope, so that the hook script cannot accidentally overwrite variables in the calling Yawp method. All hooks now use the Yawp::run() method instead of include().