appdb security

Christoph Frick frick at sc-networks.de
Fri Jun 9 02:26:27 CDT 2006


On Thu, Jun 08, 2006 at 06:44:15PM -0500, EA Durbin wrote:

> function makeSafe( $var )
> {
>    $var = trim( addslashes( $var ) );
>    return $var;
> }
> 
> 
> $clean['var1'] = makeSafe( $_REQUEST['var1'] );
> $clean['var2'] = makeSafe( $_REQUEST['var2'] );

sorry for only throwing things at you guys and not providing any code -
but i am currently packed with work :/

why not create an object that wraps the request and makes it "safe"?
then fixing the app is nothing more than a sed action and you can handle
stuff in the future as you like:

$_REQUEST[(['"][^'"]+['"])] -> Request::get(\1)

-- 
cu
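
Added example, not part of the original message and not appdb's own code: a sketch of the request wrapper suggested above, with one place to change the input policy later. Only the name Request::get() comes from the message; clean(), getInt() and the sample $_REQUEST values are assumptions, and this version validates the shape of the input while leaving SQL and HTML escaping to the point where the value is used.

```php
<?php
// Hypothetical wrapper: only the name Request::get() is taken from the message.
final class Request
{
    // Single place where the input policy lives; change it here and every
    // Request::get() call site picks up the new behaviour.
    private static function clean($value): ?string
    {
        // ?var1[]=x makes PHP deliver an array instead of a string;
        // refuse it rather than handing it to string functions.
        if (!is_string($value)) {
            return null;
        }
        // Drop NUL bytes, then surrounding whitespace.
        return trim(str_replace("\0", '', $value));
    }

    // Returns the cleaned string, or $default if the key is missing or not a string.
    public static function get(string $key, ?string $default = null): ?string
    {
        if (!array_key_exists($key, $_REQUEST)) {
            return $default;
        }
        return self::clean($_REQUEST[$key]) ?? $default;
    }

    // Hypothetical typed accessor: yields an int or $default, never a raw string.
    public static function getInt(string $key, ?int $default = null): ?int
    {
        $raw = self::get($key);
        if ($raw === null) {
            return $default;
        }
        $int = filter_var($raw, FILTER_VALIDATE_INT);
        return $int === false ? $default : $int;
    }
}

// Constructed sample input standing in for a real request.
$_REQUEST = ['var1' => "  O'Reilly\0 ", 'var2' => ['x'], 'id' => '42', 'bad' => '42abc'];

var_dump(Request::get('var1'));      // string value, trimmed, NUL removed
var_dump(Request::get('var2'));      // array input is rejected
var_dump(Request::getInt('id'));     // well-formed integer
var_dump(Request::getInt('bad', 0)); // malformed integer falls back to the default
```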