[geeklog-devel] How to use COM_applyFilter

Tony Bibbs tony at tonybibbs.com
Fri Feb 27 16:58:45 EST 2004


FWIW, I think that we should not necessarily insist that plugin authors 
require the minimum level of the PHP version that Geeklog does. 
Specifically, I mean the use of $_REQUEST should be encouraged.  Also, I 
think that if we aren't encouraging the coding style required to 
eliminate the requiring of register_globals = ON then we should be 
slapped.  Specifically plugins/developer.README and docs/plugin.html 
should point to Geeklog coding standards as well as how to prevent 
injection attempts.  To that end, Dirk, I assume you will link both of 
those documents to your proposed COM_applyFilter documentation (which is 
great by the way).

My main point is that, after a year of being complete 
vaporware, my hopes are to have GL2 to a point where a semi-working 
alpha release can be made in the first half of '04 to encourage that 
plugin authors try their hand at making their work GL2 compatible (no 
small feat) and to that end we should encourage the coding practices we 
would want in this new world.  Done rambling...

--Tony

Blaine Lang wrote:
> Dirk wrote:
> 
>>array_walk sounds useful, but I'm not sure how you would derive a common
>>function from it. How would it know which parameters are supposed to be
>>numeric?
> 
> 
> I was thinking we would have to pass it an array of variables and type and
> options. Maybe pass the array of variables by reference. Not sure - just
> thinking out loud. Maybe this would be better as a class.
> 
> Blaine
> 
> ----- Original Message ----- 
> From: "Dirk Haun" <dirk at haun-online.de>
> To: <geeklog-devel at lists.geeklog.net>
> Sent: Thursday, February 26, 2004 5:16 PM
> Subject: Re: [geeklog-devel] How to use COM_applyFilter
> 
> 
> 
>>Blaine,
>>
>>
>>>The other purpose I had was a stronger version that only allowed "letters
>>>and numbers"
>>>    $p = preg_replace('/[^0-9a-zA-Z]+/', '', $parameter);
>>
>>That may make sense. We should review some of the "freedoms" that Geeklog
>>is giving users for 1.3.10 anyway. E.g. user names (we've discussed this
>>one before, I remember) or topic IDs.
>>
>>
>>
>>>if (isset($HTTP_POST_VARS['op']) ) {
>>>   $op = clubApplyFilter($HTTP_POST_VARS['op']);
>>>} elseif (isset($HTTP_GET_VARS['op']) ) {
>>>   $op = clubApplyFilter($HTTP_GET_VARS['op']);
>>>} else {
>>>   $op = '';
>>>}
>>
>>I was actually discouraging the use of this in my writings. Although it
>>probably makes sense to do this for one parameter (the mode of operation,
>>as in your example) and then, depending on that mode parameter, get the
>>other parameters ONLY from the array they are supposed to be in. I.e.
>>something like
>>
>>    if ($op == 'submit') {
>>        // 'submit' will always indicate a POST request
>>        $something = COM_applyFilter ($HTTP_POST_VARS['something']);
>>    } else if ($op == 'new') {
>>        $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);
>>    }
>>
>>
>>
>>>I have been thinking, it would be nice to have a common function that
>>>would filter all the POST and GET vars. It is possible to walk the arrays
>>>and maybe send it a list of variables to clean  - using array_walk().
>>
>>array_walk sounds useful, but I'm not sure how you would derive a common
>>function from it. How would it know which parameters are supposed to be
>>numeric?
>>
>>bye, Dirk
>>
>>
>>-- 
>>http://www.haun-online.de/
>>http://geeklog.info/
>>
>>_______________________________________________
>>geeklog-devel mailing list
>>geeklog-devel at lists.geeklog.net
>>http://lists.geeklog.net/listinfo/geeklog-devel
> 
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel
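
One way to answer the question raised in the thread (how a common function would know which parameters are supposed to be numeric), as an added example that is not code from Geeklog or from any poster: each parameter is declared with its type and the one array it may be read from. The function name `filterParams`, the spec layout and the `'ANY'` source are assumptions, and the sample request arrays are constructed.

```php
<?php
// Added example (not Geeklog code). filterParams() and the spec layout are
// hypothetical; this is not COM_applyFilter.

/**
 * @param array $spec  name => [source ('POST'|'GET'|'ANY'), type ('int'|'alnum')]
 * @param array $post  POST parameters (e.g. $_POST)
 * @param array $get   GET parameters (e.g. $_GET)
 * @return array       name => cleaned value; missing or invalid becomes 0 / ''
 */
function filterParams(array $spec, array $post, array $get): array
{
    $clean = [];
    foreach ($spec as $name => [$source, $type]) {
        // Read each parameter only from the array it is declared for.
        if ($source === 'POST') {
            $raw = $post[$name] ?? null;
        } elseif ($source === 'GET') {
            $raw = $get[$name] ?? null;
        } else { // 'ANY': meant for the mode parameter only
            $raw = $post[$name] ?? $get[$name] ?? null;
        }
        // Arrays (e.g. ?id[]=1) and missing values are treated as absent.
        $raw = is_string($raw) ? $raw : '';
        if ($type === 'int') {
            // Accept only an optional sign and digits; anything else is 0.
            $clean[$name] = preg_match('/^-?[0-9]+$/', $raw) ? (int) $raw : 0;
        } else {
            // 'alnum': drop every character that is not a letter or digit.
            $clean[$name] = preg_replace('/[^0-9a-zA-Z]+/', '', $raw);
        }
    }
    return $clean;
}

// Constructed sample request: a POST form plus a stray query string.
$post = ['op' => 'submit', 'something' => '12 OR 1=1'];
$get  = ['something' => '7', 'whatever' => '<b>new</b>topic'];

$mode = filterParams(['op' => ['ANY', 'alnum']], $post, $get);
if ($mode['op'] === 'submit') {
    // 'submit' is a POST request, so 'something' is read from POST only.
    $params = filterParams(['something' => ['POST', 'int']], $post, $get);
} else {
    $params = filterParams(['whatever' => ['GET', 'alnum']], $post, $get);
}
var_dump($mode, $params);
```

With the constructed input, the `something` value in the query string is never consulted, and the non-numeric POST value is rejected rather than partially converted.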


