From: Alex B. <en...@tu...> - 2001-05-26 22:43:54
> hmm, what exactly do you mean with a 'request' class?
>
> --nico

binarycloud r1 assumes in a number of places that register_globals is _on_.
for a number of reasons that isn't the best idea, 99% of those reasons are
for security. in binarycloud r2 docs, we will strongly encourage that you
turn register_globals _off_ and for any contributed modules that will be
distributed with binarycloud, we will require (among other things) that you
use $Request->GetVar instead of assuming register_globals is on. Of course,
if that pisses you off, you don't have to use it... just turn
register_globals on and go about your business. (but don't get pissed off
when someone manages to post php code or javascript into your database
because you weren't watching closely :)

so, it's best to get all of your incoming user vars from one place, i.e. a
core class:

    $Request->GetVar('foo');

that way, users can't post strange things into your environment without your
knowledge, because you have to explicitly request each variable.

why this and not $HTTP_POST_VARS[foo] ? because it's nice to be able to
build code that will work with a get ?foo=stuff or a post.

we could also build in some very simple checks that look for tags, etc.
---
_alex
--
alex black, ceo
en...@tu...
the turing studio, inc.
http://www.turingstudio.com
vox+510.666.0074
fax+510.666.0093
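
An added sketch of the approach described in the message above (not binarycloud's code and not part of the original post): a hypothetical Request class whose GetVar returns one explicitly named variable from a POST or a GET, set beside register_globals behaviour simulated with extract(). The class body, the POST-before-GET lookup order, the is_admin variable and the sample query string are assumptions made for illustration.

```php
<?php
// Hypothetical Request class: the only place request variables are read from.
final class Request
{
    private array $get;
    private array $post;

    public function __construct(array $get, array $post)
    {
        $this->get  = $get;
        $this->post = $post;
    }

    // Return the named variable from POST, then GET (assumed order), or $default.
    // Array values (foo[]=...) are rejected so callers always receive a string.
    public function GetVar(string $name, ?string $default = null): ?string
    {
        foreach ([$this->post, $this->get] as $source) {
            if (array_key_exists($name, $source) && is_string($source[$name])) {
                return $source[$name];
            }
        }
        return $default;
    }
}

// Constructed sample input: the request carries a variable the code never asked for.
parse_str('foo=stuff&is_admin=1', $query);

// register_globals on, simulated with extract(): every request key becomes
// a variable in scope, so $is_admin exists because the client sent it.
function with_register_globals(array $query): bool
{
    extract($query);
    return !empty($is_admin);
}

// register_globals off: only 'foo' is requested, so $is_admin is never defined.
function with_request_class(array $query): bool
{
    $Request = new Request($query, []);
    $foo = $Request->GetVar('foo');
    return !empty($is_admin);
}

var_dump(with_register_globals($query));
var_dump(with_request_class($query));
```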