[geeklog-devel] How to use COM_applyFilter
Tony Bibbs
tony at tonybibbs.com
Fri Feb 27 16:58:45 EST 2004
FWIW, I think that we should not necessarily insist that plugin authors
require the minimum level of the PHP version that Geeklog does.
Specifically, I mean the use of $_REQUEST should be encouraged. Also, I
think that if we aren't encouraging the coding style required to
eliminate the requiring of register_globals = ON then we should be
slapped. Specifically plugins/developer.README and docs/plugin.html
should point to Geeklog coding standards as well as how to prevent
injection attempts. To that end, Dirk, I assume you will link both of
those documents to your proposed COM_applyFilter documentation (which is
great by the way).

My main point is that, after a year of being complete
vaporware, my hope is to have GL2 at a point where a semi-working
alpha release can be made in the first half of '04 to encourage that
plugin authors try their hand at making their work GL2 compatible (no
small feat) and to that end we should encourage the coding practices we
would want in this new world. Done rambling...
--Tony
Blaine Lang wrote:
> Dirk wrote:
>
>>array_walk sounds useful, but I'm not sure how you would derive a common
>>function from it. How would it know which parameters are supposed to be
>>numeric?
>
>
> I was thinking we would have to pass it an array of variables and type and
> options. Maybe pass the array of variables by reference. Not sure - just
> thinking out loud. Maybe this would be better as a class.
>
> Blaine
>
> ----- Original Message -----
> From: "Dirk Haun" <dirk at haun-online.de>
> To: <geeklog-devel at lists.geeklog.net>
> Sent: Thursday, February 26, 2004 5:16 PM
> Subject: Re: [geeklog-devel] How to use COM_applyFilter
>
>
>
>>Blaine,
>>
>>
>>>The other purpose I had was a stronger version that only allowed "letters
>>>and numbers"
>>>    $p = preg_replace('/[^0-9a-zA-Z]+/', '', $parameter);
>>
>>That may make sense. We should review some of the "freedoms" that Geeklog
>>is giving users for 1.3.10 anyway. E.g. user names (we've discussed this
>>one before, I remember) or topic IDs.
>>
>>
>>
>>>if (isset($HTTP_POST_VARS['op'])) {
>>>    $op = clubApplyFilter($HTTP_POST_VARS['op']);
>>>} elseif (isset($HTTP_GET_VARS['op'])) {
>>>    $op = clubApplyFilter($HTTP_GET_VARS['op']);
>>>} else {
>>>    $op = '';
>>>}
>>
>>I was actually discouraging the use of this in my writings. Although it
>>probably makes sense to do this for one parameter (the mode of operation,
>>as in your example) and then, depending on that mode parameter, get the
>>other parameters ONLY from the array they are supposed to be in. I.e.
>>something like
>>
>>    if ($op == 'submit') {
>>        // 'submit' will always indicate a POST request
>>        $something = COM_applyFilter ($HTTP_POST_VARS['something']);
>>    } else if ($op == 'new') {
>>        $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);
>>    }
>>
>>
>>
>>>I have been thinking, it would be nice to have a common function that
>>>would filter all the POST and GET vars. It is possible to walk the arrays
>>>and maybe send it a list of variables to clean - using array_walk().
>>
>>array_walk sounds useful, but I'm not sure how you would derive a common
>>function from it. How would it know which parameters are supposed to be
>>numeric?
>>
>>bye, Dirk
>>
>>
>>--
>>http://www.haun-online.de/
>>http://geeklog.info/
>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
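
The two ideas discussed in this thread (a common filter that is told each parameter's type, and reading every parameter except the mode only from the array it is supposed to arrive in) can be combined in one spec-driven function. The sketch below is an added example, not part of the original messages and not Geeklog code: `filterParams()` and its spec format are hypothetical, it rejects non-matching values instead of stripping characters, and it assumes PHP 7 or later with the request arrays passed in explicitly.

```php
<?php
// Added example; filterParams() and the spec format are hypothetical, not Geeklog API.

/**
 * Validate request parameters against a spec:
 *   name => ['from' => 'get'|'post'|'any', 'type' => 'int'|'alnum']
 * Values that are missing, not strings, or do not match come back as null.
 */
function filterParams(array $spec, array $get, array $post): array
{
    $patterns = [
        'int'   => '/^[0-9]{1,9}$/D',    // whole value must be digits
        'alnum' => '/^[0-9a-zA-Z]+$/D',  // whole value must be letters/digits
    ];
    $clean = [];
    foreach ($spec as $name => $rule) {
        if (!isset($patterns[$rule['type']])) {
            throw new InvalidArgumentException("Unknown type for '$name'");
        }
        switch ($rule['from']) {
            case 'get':  $raw = $get[$name] ?? null; break;
            case 'post': $raw = $post[$name] ?? null; break;
            case 'any':  $raw = $post[$name] ?? $get[$name] ?? null; break;
            default: throw new InvalidArgumentException("Unknown source for '$name'");
        }
        // Reject arrays (e.g. op[]=x) and anything that fails the pattern.
        $ok = is_string($raw) && preg_match($patterns[$rule['type']], $raw) === 1;
        $clean[$name] = $ok ? ($rule['type'] === 'int' ? (int) $raw : $raw) : null;
    }
    return $clean;
}

// Constructed sample request: a GET carrying one parameter the mode does not use.
$get  = ['op' => 'new', 'whatever' => '42', 'something' => '12abc'];
$post = [];

// The mode may arrive by either method; everything else is read only
// from the array that mode implies.
$op = filterParams(['op' => ['from' => 'any', 'type' => 'alnum']], $get, $post)['op'];

$specs = [
    'submit' => ['something' => ['from' => 'post', 'type' => 'int']],
    'new'    => ['whatever'  => ['from' => 'get',  'type' => 'int']],
];
$params = isset($specs[$op]) ? filterParams($specs[$op], $get, $post) : [];

var_dump($op, $params);
```

Because the spec for each mode names both the source array and the type, a `something` value smuggled into a GET request is never read in `new` mode, and an unknown mode yields no parameters at all.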