[geeklog-devel] About the "internal" and Webservices APIs
Joe Mucchiello
joe at ThrowingDice.com
Fri Aug 10 21:21:21 EDT 2007
At 04:34 PM 8/10/2007, you wrote:
> PLG_invokeService($plugin, $verb, $input, $output, $svc_msg);
Ignoring security for a moment, is it feasible to turn your plugin's
index.php into essentially this:
include '../lib-common.php';
$mode = myplugin_scrub_mode($_REQUEST['mode']); // Or at least assume
scrub is all the security needed.
$A = myplugin_scrub_request($_REQUEST);
$display = '';
$error = '';
echo COM_siteHeader($mode.'_title']);
$ret = PLG_invokeService('myplugin',$mode, $A, $display, $error);
if ($ret == PLG_RET_OK) {
echo myplugin_xml2html($display); // is the XML?
} else {
echo $error; // how about this?
}
echo COM_siteFooter();
Getting back to security, does the webservice API do any scrubbing
before calling the PLG_invokeService call?
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
More information about the geeklog-devel
mailing list