From: Tony B. <to...@to...> - 2003-03-05 05:19:48

You should allow programmers to tell the controller if it will accept GET or POST or both. All the code uses $_REQUEST which is the 'both' scenario. For security reasons I can see a desire to lock it down to POST only. This should be configurable via the constructor and take one of three constants.

Actions, these may want a "var $_secureAction" boolean that lets you denote a secure action versus an insecure. Then you can stub a method to the class called _securityCheck() or something like that which would be implemented by children to do the actual security checks per the apps business rules. Arguably this could be all handed down to another abstract class that inherits from Action but I think modeling security in shows forethought and will definitely get used.

Ok, more later...

--
Tony Bibbs
to...@to...

"I guess you have to remember that those who don't hunt or fish often see those of us who do as harmlessly strange and sort of amusing. When you think about it, that might be a fair assessment." --Unknown
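
The design proposed in the message above, as an added example that is not part of the original post or the project's code. It is written for PHP 8 rather than the PHP 4 of the thread, and the class names, the `ACCEPT_*` constants, `dispatch()`, `run()`, the deny-by-default stub and the token rule are all hypothetical.

```php
<?php
// Added illustration; all names are hypothetical, not the project's API.
abstract class Action
{
    protected bool $_secureAction = false; // true = run _securityCheck() first

    // Stub for children to implement per the app's business rules; denies by default.
    protected function _securityCheck(array $params): bool { return false; }

    abstract protected function execute(array $params): string;

    final public function run(array $params): string
    {
        if ($this->_secureAction && !$this->_securityCheck($params)) {
            return 'denied';
        }
        return $this->execute($params);
    }
}

class Controller
{
    public const ACCEPT_GET = 1, ACCEPT_POST = 2, ACCEPT_BOTH = 3;

    public function __construct(private int $accept) {}

    public function dispatch(Action $action, string $method, array $get, array $post): string
    {
        $bit = ['GET' => self::ACCEPT_GET, 'POST' => self::ACCEPT_POST][strtoupper($method)] ?? 0;
        if (($this->accept & $bit) === 0) {
            return 'method not allowed';
        }
        // Read only the array matching the verb instead of the merged $_REQUEST.
        return $action->run($bit === self::ACCEPT_POST ? $post : $get);
    }
}

class DeleteUserAction extends Action
{
    protected bool $_secureAction = true;
    protected function _securityCheck(array $params): bool
    {   // Constructed rule: token must match a server-side value.
        return hash_equals('constructed-token', (string)($params['token'] ?? ''));
    }
    protected function execute(array $params): string { return 'deleted ' . ($params['id'] ?? '?'); }
}

$c = new Controller(Controller::ACCEPT_POST); // constructed sample requests below
echo $c->dispatch(new DeleteUserAction(), 'GET', ['id' => '7', 'token' => 'constructed-token'], []), "\n";
echo $c->dispatch(new DeleteUserAction(), 'POST', [], ['id' => '7', 'token' => 'constructed-token']), "\n";
```

In a front controller the three request arguments would come from `$_SERVER['REQUEST_METHOD']`, `$_GET` and `$_POST`.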