[AppDb] automatic variable cleanup

Jonathan Ernst jonathan at ernstfamily.ch
Wed Jun 28 02:58:50 CDT 2006

Le mardi 27 juin 2006 à 12:07 -0400, Chris Morgan a écrit :
> Wow, thats a pretty neat idea.
> A few comments.
> We should do something to the values in $_REQUEST so they can't be used after 
> this function is called.

We can do that but only after we have made the required changes
everywhere (i.e. remove makeClean AND remove every occurence or
$_REQUEST[], $_POST and so on).

> We should error if there are variables that don't fit the format we expect. We 
> can't have anything getting past this filter by default or we'll be opening 
> holes in the filtering without any kind of notification.  We'll also want to 
> know if we've missed anything during our changes.

I made a show_error_page call when variables don't fit the format isn't
it sufficient.

> Html keyword should probably be 'sh' instead of 'sH' so the lower case 
> characters prefixed on a variable are what represents the variables type.  
> This would be more consistent with what we have.

Ok, could you please apply my patch and replace sH with sh in
CODING_STANDARDS and in the new function in the diff ? My patch
shouldn't cause any harm yet.

> Filtering all variables might let us support allowing magic quotes although 
> given the widespread rejection of the magic quotes feature it seems silly to 
> do so.  I wouldn't be surprised if the switch was removed from php entirely 
> in the near future.

That might be true, but for the moment being magic_quotes_gpc=on is
still the default even in php5.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Ceci est une partie de message
	=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
Url : http://www.winehq.org/pipermail/wine-devel/attachments/20060628/fcbe57f9/attachment.pgp

More information about the wine-devel mailing list