APPDB - patch
cmorgan at alum.wpi.edu
Wed Jun 14 10:07:30 CDT 2006
The change look good. If people don't like the trim(addslashes($var)) in
makeSafe() it should be easy to swap this out with different calls. I had a
few minor comments about the patch.
The changes to TODO should be in a separate patch.
$clean should really be $aClean keeping with the CODING_STANDARDS document in
the root of the appdb cvs directory.
Its ok to do away with the spaces in cases like this:
+ $clean['ext_email'] = makeSafe( $_POST['ext_email'] );
and just put
+ $clean['ext_email'] = makeSafe($_POST['ext_email']);
This is more consistent with the existing code.
These other fixes you mentioned should be broken out into a separate patch or
patches as well, depending on whether they can logically be grouped or not:
>I also fixed some minor bugs, such as comma's printing on screen in the
>view page, and a wrong class name, and typo of a correct Name in
We want to keep each patch specific to the particular issue being fixed. In
this case "filtering user input" is one patch, anything that isn't directly
related to filtering user input should be in another patch. What I've done
in the past is checked out another directory, made the separate fixes and
submitted a patch for them. Then after they are applied you can 'cvs update'
the directory where the multiple changes had been made and the ones in the
submitted patch should disappear as they are on the server. Then you can
rediff and resubmit the remainder.
On Tuesday 13 June 2006 11:17 pm, EA Durbin wrote:
> Security enhancement and bug fixes.
> This patch filters tainted data from potential user input and fixes some
> minor bugs I came across during testing.
> I've also updated the TODO to point to the wiki.
More information about the wine-patches