APPDB - patch

Chris Morgan cmorgan at alum.wpi.edu
Wed Jun 14 10:07:30 CDT 2006


The changes look good.  If people don't like the trim(addslashes($var)) in 
makeSafe() it should be easy to swap this out with different calls.  I had a 
few minor comments about the patch.


The changes to TODO should be in a separate patch.



$clean should really be $aClean, in keeping with the CODING_STANDARDS document in 
the root of the appdb cvs directory.



It's OK to do away with the spaces in cases like this:
+    $clean['ext_email'] = makeSafe( $_POST['ext_email'] );

and just put
+    $clean['ext_email'] = makeSafe($_POST['ext_email']);

This is more consistent with the existing code.



These other fixes you mentioned should be broken out into a separate patch or 
patches as well, depending on whether they can logically be grouped or not:

>I also fixed some minor bugs, such as commas printing on screen in the 
>vendor view page, and a wrong class name, and typo of a correct Name in 
>appsubmit.php.


We want to keep each patch specific to the particular issue being fixed.  In 
this case "filtering user input" is one patch, anything that isn't directly 
related to filtering user input should be in another patch.  What I've done 
in the past is checked out another directory, made the separate fixes and 
submitted a patch for them.  Then after they are applied you can 'cvs update' 
the directory where the multiple changes had been made and the ones in the 
submitted patch should disappear as they are on the server.  Then you can 
rediff and resubmit the remainder.

Chris





On Tuesday 13 June 2006 11:17 pm, EA Durbin wrote:
> Security enhancement and bug fixes.
>
> This patch filters tainted data from potential user input and fixes some
> minor bugs I came across during testing.
>
> I've also updated the TODO to point to the wiki.


