[geeklog-devel] 1.3.10 to do list

Vincent Furia vfuria at gmail.com
Wed Aug 4 23:45:28 EDT 2004


For the record, instances of $_REQUEST in files:

public_html/comment.php:11
public_html/lib-common.php:7
public_html/mail/index.php:3
public_html/pdfgenerator.php:13
system/classes/search.class.php:1   <--- I think this is just a comment

I guess I can take care of comment.php if you really think this is
necessary.  Honestly I don't think this is that big a deal.  Anyone
using PHP < 4.1.0 is open to so many security holes we're probably
doing them a favor...

$_REQUEST makes things, much, much easier (at least in comment.php)
because forms submitting input to the script have a mix of GET and
POST variables (and often some variables are used both ways depending
on from where they are called).

-Vinny

On Wed, 4 Aug 2004 21:02:20 +0200, Dirk Haun <dirk at haun-online.de> wrote:
> Coming back to this:
> 
> >We should update the minimum requirements for Geeklog as well.  Since
> >we've started using $_REQUEST in the core code in several places we'll
> >need to require PHP 4.1.0 or higher (at a minimum).
> 
> Only pdfgenerator.php, comment.php and some comment-related code in lib-
> common.php seem to use $_REQUEST.
> 
> How much work would it be to convert that code to using $HTTP_POST_VARS
> and $HTTP_GET_VARS?
> 
> We have to move away from the $HTTP_xxx_VARS arrays eventually, as they
> seem to be disabled by default in PHP 5.0.0, but can we make one more
> release with the current requirements (which are PHP 4.0.4) and then
> convert all of it to $_POST, $_GET, and $_REQUEST for the next release
> (and, consequently, raise the requirements to PHP 4.1.0)?
> 
> 
> 
> bye, Dirk
> 
> --
> http://www.haun-online.de/
> http://geeklog.info/
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
>



More information about the geeklog-devel mailing list