[geeklog-devel] PostNuke's way of handling Post and Get Vars

Blaine Lang geeklog at langfamily.ca
Thu Nov 6 20:30:28 EST 2003


I have a client project that will require doing a module for PostNuke.
As best I can tell - PostNuke (pn) is mostly all new code and approach from
phpNuke.
PostNuke is still not a 1.0 release. Latest being 0.726

Anyway - They have a very different API than ours. So far, I like what I
see. Not necessarily better - just different.
I can send out updates of what I see and learn if this group is interested.

With our recent security related issues and extra coding required for plugin
developers to handle POST and GET vars, I liked the solution PostNuke has.
The following is how all variables are to be retrieved and used inside
modules. It makes it easy as I've had to include functions each time and
recently we determined a need for additional filtering.

Blaine
----------------
Name
pnVarCleanFromInput - obtain form variable

Synopsis
mixed pnVarCleanFromInput(name, ...);
string name, string ...;

Description
pnVarCleanFromInput() takes a variable number of name arguments and for each
one obtains the variable from the input namespace. It removes any preparsing
done by PHP to ensure that the string is exactly as expected, without any
escaped characters.
pnVarCleanFromInput() also removes any HTML tags that could be considered
dangerous to the PostNuke system's security.

Return Values
If pnVarCleanFromInput() is only passed a single name argument then it
returns the corresponding variable. If pnVarCleanFromInput() is passed
multiple arguments then it returns an array of corresponding variables.

Notes
Obtaining input variables from the global namespace, or from arrays such as
HTTP_POST_VARS, is not supported and should never be done.
pnVarCleanFromInput() is the only supported way of obtaining such variables.

Examples
// Obtain a single value
$id = pnVarCleanFromInput('id');

// Obtain a number of values
list($name, $number) = pnVarCleanFromInput('name', 'number');
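
The accessor pattern described in the quoted documentation, sketched as an added PHP example that is not part of the original post and is not PostNuke's source. The names clean_from_input(), clean_value() and DANGEROUS_TAGS, the tag list, the explicit $source array and the $unescape flag (standing in for detecting PHP's own escaping of request data) are assumptions made for illustration.

```php
<?php
// Added illustration only; this is NOT PostNuke's pnVarCleanFromInput() source.
// All names and the tag list below are hypothetical.
const DANGEROUS_TAGS = ['script', 'iframe', 'object', 'embed', 'applet', 'meta', 'style'];

// Undo escaping and strip listed tags from one value, recursing into arrays.
function clean_value($value, bool $unescape)
{
    if (is_array($value)) {
        return array_map(fn($v) => clean_value($v, $unescape), $value);
    }
    $value = (string) $value;
    if ($unescape) {
        $value = stripslashes($value); // reverse magic_quotes-style preparsing
    }
    $pattern = '#</?(?:' . implode('|', DANGEROUS_TAGS) . ')\b[^>]*>#i';
    // Repeat until stable: one pass over "<scr<script>ipt>" would leave
    // a reassembled "<script>" behind.
    do {
        $before = $value;
        $value = preg_replace($pattern, '', $value) ?? '';
    } while ($value !== $before);
    return $value;
}

// One name returns the cleaned value; several names return a list of them.
// A name missing from $source yields null instead of a PHP notice.
function clean_from_input(array $source, bool $unescape, string ...$names)
{
    $out = [];
    foreach ($names as $name) {
        $out[] = array_key_exists($name, $source)
            ? clean_value($source[$name], $unescape)
            : null;
    }
    return count($out) === 1 ? $out[0] : $out;
}

// Constructed sample request, shaped as if PHP had already added slashes.
$request = [
    'id'     => '42',
    'name'   => 'O\\\'Brien <scr<script>ipt>alert(1)</script>',
    'number' => '7',
];

$id = clean_from_input($request, true, 'id');
list($name, $number) = clean_from_input($request, true, 'name', 'number');
var_dump($id, $name, $number);
```

Stripping tags on input does not replace escaping at the point of output or using parameterized queries; what the single accessor provides is one place to audit and tighten filtering for every module.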




