From: Onken, L. <lue...@re...> - 2002-09-09 12:54:01
Hi Martin,

> Using templates may be fine and all, but I strongly believe
> that mantis development should focus on fixing security
> issues ...

I'm convinced that a clean separation of functionality and visual appearance will even help to improve security, since the code is much easier to read and understand. I have to admit that I hate going through code with lots of <?php ?> and HTML tags mixed up in one file :-).

You need three layers: a base layer (php core_* functions), a module that controls the visual appearance (e.g. template engine) and a structure that controls the workflow, gets the data from the base layer and hands it over to the template engine.

> ... and refactoring the code into separate functions (as
> suggested by others) before we add more features and bells.

That's great, because then we're halfway through with the base layer. It'll make the separation of workflow and visual appearance a lot easier. I'm not talking about features. Using templates will allow you to add (visual) features much easier at a later stage.

> I don't really like to see all those mantis security
> bulletins being published on major security lists.

One thing doesn't prevent us from keeping an eye on (or even doing) the other. The security issues have to be fixed, agreed. But that has to be done anyway. There are (bad example, I know) five functions in fifteen places out there, which in some way list the users who have access to a certain function, and each is a bit different from the other.

If we are refactoring the code into separate functions, we will have to check which functions we need for the control and base layers anyway. Wouldn't it be easier to know that to access the data there is only one "get_users_for_project()" function that returns an array? This array can then be given to template A, which uses it to fill a combobox, or to template B, which displays it as a list.

I think that we can get completely rid of core_html_API, core_print_API, css_inc.php and more things like that.

Another example. Just take a look at view_all_bug_page and print_all_bug_page. Duplicate code reeks and this smells like 90% duplicate. Using a template engine, there would have to be only one control part (which is currently duplicated) and one main template plus a few (2-3) sub templates for both pages.

Greetings - Lübbe
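
The three-layer split described in the message above, sketched as an added example that is not part of the original message and is not Mantis code. Only the name get_users_for_project() comes from the message; the sample data, the escaping helper e(), the render_* templates, show_project_users() and the field name handler_id are hypothetical, and doing the HTML escaping in the template layer is an assumption about where the security benefit of the split would show up.

```php
<?php
// Base layer: the single accessor the message asks for. Constructed sample
// data stands in for the database query (assumption, not Mantis code).
function get_users_for_project(int $project_id): array
{
    $sample = [
        1 => [
            ['id' => 2, 'username' => 'martin'],
            ['id' => 3, 'username' => "O'Neil <admin>"], // needs escaping in HTML
        ],
    ];
    return $sample[$project_id] ?? [];
}

// Template layer helper (hypothetical): every value that reaches HTML passes
// through here, so output handling can be reviewed in one place.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// "Template A": fills a combobox from the array.
function render_user_combobox(array $users, string $field_name): string
{
    $html = '<select name="' . e($field_name) . "\">\n";
    foreach ($users as $user) {
        $html .= '  <option value="' . (int) $user['id'] . '">'
               . e($user['username']) . "</option>\n";
    }
    return $html . "</select>\n";
}

// "Template B": displays the same array as a list.
function render_user_list(array $users): string
{
    $html = "<ul>\n";
    foreach ($users as $user) {
        $html .= '  <li>' . e($user['username']) . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Control layer: fetches from the base layer, hands the data to a template.
function show_project_users(int $project_id, string $view): string
{
    $users = get_users_for_project($project_id);
    return $view === 'combobox'
        ? render_user_combobox($users, 'handler_id') // hypothetical field name
        : render_user_list($users);
}

echo show_project_users(1, 'combobox');
echo show_project_users(1, 'list');
```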