From: Jimmy C. <ji...@ad...> - 2003-11-25 04:22:12
|
pdo...@an... said: >> what variables have to be preserved when creating URLs in read_body.php >> >> Show Unsafe images link uses mailbox, passed_id, startMessage, >> view_unsafe_images, ent_id, sort, show_more, passed_ent_id. > > Seems like a good start. I can't remember any more off the top of my > head. But.... > >> formatRecipientString function in read_body uses PHP_SELF when it >> creates >> URLs, but this causes problems with delete_move_next. >> >> Do I really have to check all the variables used by show_unsafe_images, >> if >> I want to fix formatRecipientString? function can't use PHP_SELF, >> because >> delete_move_next uses POST requests and variables are not present in >> URL. >> Also plugin can use GET request with variable that deletes other >> message. > > I'd say fix delete_move_next instead. That plugin shouldn't be pulling > directly from $_GET or $_POST itself. It should definitely be using the > SM functions for that (sqGetGlobalVar). If thus fixed, it won't need any > of those if statements that check for the variables' existance, and it'll > work for older PHP versions w/out autoglobals, can pull from GET or POST > without caring which one (SQ_FORM), and will be generally more solid code. > > I can volunteer to do the fix if you don't want to. > > Cheers, > > Paul While we are at it, should we start converting the core plugins to actually be SM Plugin compliant? I can start on making those changes for devel if need be.... Jimmy |