From: Franky V. L. <lie...@te...> - 2008-03-16 20:13:19
On Sun, 16 Mar 2008 15:25:58 -0400
Bishop Bettini <ph...@id...> wrote:

> Quoting Matthew Gregg <mat...@gm...>:
>
> > On Sun, 2008-03-16 at 16:57 +0100, Franky Van Liedekerke wrote:
> > I'm not sure of the status of all of Bishop's changes. If all of his
> > changes are in a completed state then maybe a 2.1 beta should be
> > released. Where does that RID show up?
>
> Everything committed is stable and thoroughly tested. Being banged
> on by about 30,000 people now.
>
> My vote would be for a v2.1 beta, which includes all of my changes
> plus rid removal.
>
> Regards,
> bishop
>

I think I got it for the rid variable, the only changes needed were in
public/handler.php, public/handler-prefix.php and
public/phpESP.first.php. Check out svn and let me know your thoughts.

Now a new issue: I rely on $_REQUEST['sec'] to be "1" to reset rid to 0
(in a session variable). But of course one could spoof $_REQUEST['sec']
as well. So I need to do the same for $_REQUEST['sec'], and put that in
a session variable as well. That's for tomorrow :)

The html output can keep rid as hidden, since it is useful for
resuming surveys (and this is secure, since resuming works only for
authenticated users).

Franky
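
Added example, not part of the message above and not phpESP code: one way to keep both rid and sec authoritative in the session, so that spoofed $_REQUEST['rid'] or $_REQUEST['sec'] values are ignored and a posted rid is honoured only on the authenticated resume path. The function name, the session keys 'esp_rid' and 'esp_sec', and the $resumable map are assumptions made for illustration.

```php
<?php
// Added illustration, not phpESP code. The function name, the session keys
// 'esp_rid' / 'esp_sec' and the $resumable map are hypothetical.

/**
 * Decide which response id (rid) and section (sec) the handler works on.
 *
 * $request   - the incoming request values (e.g. $_REQUEST), untrusted
 * $session   - the session array (e.g. $_SESSION), the authoritative copy
 * $resumable - null for an anonymous visitor; for an authenticated user,
 *              a map of that user's saved rid => section to resume at
 */
function resolve_survey_state(array $request, array &$session, ?array $resumable): array
{
    // New session: rid 0 (nothing saved yet) and section 1. The reset is
    // driven by session state, not by a client-sent sec=1.
    if (!isset($session['esp_rid'], $session['esp_sec'])) {
        $session['esp_rid'] = 0;
        $session['esp_sec'] = 1;
    }

    // Resume path: the hidden rid field is honoured only for an
    // authenticated user, and only for a response that user owns.
    $posted = filter_var($request['rid'] ?? null, FILTER_VALIDATE_INT);
    if ($resumable !== null && $posted !== false && isset($resumable[$posted])) {
        $session['esp_rid'] = $posted;
        $session['esp_sec'] = (int) $resumable[$posted];
    }

    // $request['sec'] is never read: the section only changes when the
    // server updates $session['esp_sec'] after accepting a page.
    return ['rid' => $session['esp_rid'], 'sec' => $session['esp_sec']];
}

// Constructed requests, run against one simulated session.
$session = [];

// 1. First hit, anonymous visitor.
var_dump(resolve_survey_state([], $session, null));

// 2. The server has saved a response and moved on two sections.
$session['esp_rid'] = 41;
$session['esp_sec'] = 3;

// 3. Anonymous client sends a spoofed rid and sec=1.
var_dump(resolve_survey_state(['rid' => '7', 'sec' => '1'], $session, null));

// 4. Authenticated user resumes one of their own saved responses.
var_dump(resolve_survey_state(['rid' => '7'], $session, [7 => 2, 9 => 5]));
```

Run with the PHP CLI; the second dump shows the session values unchanged despite the spoofed parameters, and the third shows the switch to the resumed response.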