[AppDb] automatic variable cleanup
Chris Morgan
cmorgan at alum.wpi.edu
Tue Jun 27 11:07:21 CDT 2006
Wow, that's a pretty neat idea.

A few comments.

We should do something to the values in $_REQUEST so they can't be used after
this function is called.

We should error if there are variables that don't fit the format we expect. We
can't have anything getting past this filter by default or we'll be opening
holes in the filtering without any kind of notification. We'll also want to
know if we've missed anything during our changes.

HTML keyword should probably be 'sh' instead of 'sH' so the lower case
characters prefixed on a variable are what represent the variable's type.
This would be more consistent with what we have.

Filtering all variables might let us support allowing magic quotes although
given the widespread rejection of the magic quotes feature it seems silly to
do so. I wouldn't be surprised if the switch was removed from PHP entirely
in the near future.

Chris

On Tuesday 27 June 2006 4:56 am, Jonathan Ernst wrote:
> Please apply the (harmless) errorpage patch first.
>
> As my previous approach was refused, I decided to improve the current
> makeClean approach.
>
> This patch automatically fills the $aClean array when we'll start using
> variable names like iVersionId, etc. This lets us check/clean up
> everything in a single place and do the error handling there.
>
> You'll notice that I cleanly handle the magic_quote_gpc case as well. I
> know that people with magic_quote_gpc will get an error message thanks
> to Chris's patch, but I still hope we can revert his patch in the future
> because I don't like forcing people to change their php config.
>
> Changelog:
> - automatic variable cleanup function
>
> Files changed:
> - CODING_STANDARD
> - include/incl.php
> - include/util.php
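
The default-deny filtering discussed in this thread, sketched as an added example; it is not the patch from the thread or AppDB's own code. The function name `filter_request`, the `s` prefix and the validator bodies are assumptions; only the `i` (as in iVersionId) and `sh` prefixes come from the messages above.

```php
<?php
// Added illustration, not the AppDB patch. Only the 'i' and 'sh' prefixes are
// named in the thread; 's' and the validator bodies are assumptions.
function filter_request(array &$aRequest): array
{
    // Each validator returns the cleaned value, or null on a type mismatch.
    $aValidators = [
        'i'  => function ($v) {
            $i = filter_var($v, FILTER_VALIDATE_INT);
            return $i === false ? null : $i;
        },
        's'  => fn($v) => is_string($v) ? strip_tags($v) : null,
        'sh' => fn($v) => is_string($v) ? $v : null, // HTML kept; escape on output
    ];
    $aClean = [];
    foreach ($aRequest as $sName => $value) {
        // Lower-case type prefix, then a capitalised name (e.g. iVersionId).
        // Anything else is rejected rather than passed through unfiltered.
        if (!preg_match('/^([a-z]+)[A-Z][A-Za-z0-9]*$/D', (string)$sName, $aMatch)
            || !isset($aValidators[$aMatch[1]])) {
            throw new InvalidArgumentException("Unexpected variable: $sName");
        }
        $cleaned = $aValidators[$aMatch[1]]($value);
        if ($cleaned === null) {
            throw new InvalidArgumentException("Bad value for: $sName");
        }
        $aClean[$sName] = $cleaned;
    }
    // Empty the caller's array so raw values cannot be read afterwards.
    // With $_REQUEST this leaves $_GET, $_POST and $_COOKIE untouched.
    $aRequest = [];
    return $aClean;
}

// Constructed sample input standing in for $_REQUEST.
$aSample = ['iVersionId' => '42', 'shNote' => '<b>works</b>'];
var_dump(filter_request($aSample), $aSample);

// A name with no known type prefix is reported, not silently accepted.
try {
    $aBad = ['versionId' => '42'];
    filter_request($aBad);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```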