[AppDb] automatic variable cleanup
jonathan at ernstfamily.ch
Wed Jun 28 02:58:50 CDT 2006
On Tuesday 27 June 2006 at 12:07 -0400, Chris Morgan wrote:
> Wow, that's a pretty neat idea.
> A few comments.
> We should do something to the values in $_REQUEST so they can't be used after
> this function is called.
We can do that but only after we have made the required changes
everywhere (i.e. remove makeClean AND remove every occurrence of
$_REQUEST, $_POST and so on).
> We should error if there are variables that don't fit the format we expect. We
> can't have anything getting past this filter by default or we'll be opening
> holes in the filtering without any kind of notification. We'll also want to
> know if we've missed anything during our changes.
I made a show_error_page call when variables don't fit the format isn't
> Html keyword should probably be 'sh' instead of 'sH' so the lower case
> characters prefixed on a variable are what represents the variable's type.
> This would be more consistent with what we have.
Ok, could you please apply my patch and replace sH with sh in
CODING_STANDARDS and in the new function in the diff ? My patch
shouldn't cause any harm yet.
> Filtering all variables might let us support allowing magic quotes although
> given the widespread rejection of the magic quotes feature it seems silly to
> do so. I wouldn't be surprised if the switch was removed from php entirely
> in the near future.
That might be true, but for the moment being magic_quotes_gpc=on is
still the default even in php5.
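
The fail-closed filtering discussed in this thread, sketched as an added example that is not the patch from this message or AppDB's own code. The prefix table (`i`, `s`, `sh`), the function names and the sample input are assumptions made for illustration; in AppDB the collected errors would be handed to an error page such as the `show_error_page` call mentioned above.

```php
<?php
// Added illustration: prefix table and function names are hypothetical.
// Type prefix => validator. Anything without a known prefix is rejected.
const PREFIX_RULES = [
    'sh' => 'filter_html',   // string that may contain HTML
    'i'  => 'filter_int',    // integer
    's'  => 'filter_plain',  // plain string, no markup
];

function filter_int($v)   { return (is_string($v) && preg_match('/^-?\d+$/', $v)) ? (int)$v : null; }
function filter_plain($v) { return (is_string($v) && strip_tags($v) === $v) ? $v : null; }
function filter_html($v)  { return is_string($v) ? $v : null; } // still escape or sanitize at output

/**
 * Returns [clean, errors]. A name that matches no prefix, or a value that
 * fails its validator, is reported and never copied into the clean set.
 */
function filter_request(array $raw): array
{
    $clean = [];
    $errors = [];
    foreach ($raw as $name => $value) {
        $rule = null;
        foreach (PREFIX_RULES as $prefix => $fn) {
            // Lower-case type prefix followed by a capitalised name, e.g. iAppId.
            if (preg_match('/^' . $prefix . '[A-Z][A-Za-z0-9]*$/', (string)$name)) {
                $rule = $fn;
                break;
            }
        }
        if ($rule === null) { $errors[] = "unexpected variable: $name"; continue; }
        $result = $rule($value);
        if ($result === null) { $errors[] = "bad value for: $name"; continue; }
        $clean[$name] = $result;
    }
    return [$clean, $errors];
}

// Constructed sample input standing in for $_REQUEST.
$sample = ['iAppId' => '42', 'sName' => 'Wine', 'shDescription' => '<b>ok</b>',
           'iVersionId' => '1 OR 1=1', 'debug' => '1'];
[$clean, $errors] = filter_request($sample);
// Once every caller reads from $clean, the raw input can be emptied:
// $_REQUEST = $_GET = $_POST = [];
var_dump($clean, $errors); // escape variable names before echoing errors into HTML
```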