On 4/29/06, Stephen Dolan <stedolan2@gmail.com> wrote:
Not a full review, just a comment:
The proposed property tree library uses a small internal language which is passed to the various functions, for instance:
file = ptree.get<std::string>("config.filename");
Personally, I don't think its a good idea to define new syntaxes and pass them around as strings. It would be a bit more effort to implement, but I think (something like) the following would be preferable:
file = ptree.get<std::string>["config"]["filename"]
I'm thinking largely of the dangers of passing a user-supplied string as part of the path, as in get<std::string>("config."+prop_name); since this can lead to insecurities as the query language gets more powerful. (e.g. sql injection in php and other languages, people exploiting perl scripts by passing carefully crafted strings which work their way into an eval, etc). Also, there is an additional runtime overhead in parsing the string, which can be avoided by doing it at compile-time using C++'s native syntax.
If you are interested in variants of this aproach please search the list (path concept, operator/, operator[], will lead you to the posts). We have had quite active discussion in this topic. Many proposals from many people were develop and throw to the list. Marcin have said that he will indeed change the interface (i think in a way were the actual sintaxis is seamisly supportted). Now is up to him, to choose and merge the ideas in a coherent framework. Regards, Matias Capeletto PD: I don't know if i can, but i rise both hands to vote yes to ptree.