[geeklog-devel] About the "internal" and Webservices APIs

Joe Mucchiello joe at ThrowingDice.com
Fri Aug 10 21:21:21 EDT 2007

At 04:34 PM 8/10/2007, you wrote:

>     PLG_invokeService($plugin, $verb, $input, $output, $svc_msg);

Ignoring security for a moment, is it feasible to turn your plugin's 
index.php into essentially this:

include '../lib-common.php';

$mode = myplugin_scrub_mode($_REQUEST['mode']); // Or at least assume 
scrub is all the security needed.
$A = myplugin_scrub_request($_REQUEST);
$display = '';
$error = '';

echo COM_siteHeader($mode.'_title']);

$ret = PLG_invokeService('myplugin',$mode, $A, $display, $error);

if ($ret == PLG_RET_OK) {
         echo myplugin_xml2html($display); // is the XML?
} else {
         echo $error; // how about this?
echo COM_siteFooter();

Getting back to security, does the webservice API do any scrubbing 
before calling the PLG_invokeService call?

Joe Mucchiello
Throwing Dice Games

More information about the geeklog-devel mailing list