[geeklog-devel] [geeklog-cvs] Geeklog-1.x/system lib-webservices.php, 1.16, 1.17
Dirk Haun
dirk at haun-online.de
Sun Nov 18 14:38:11 EST 2007
Joe Mucchiello wrote:

>I have a potentially stupid question but why are you parsing the
>QUERY_STRING when you can just use the $_GET array to look at it?

Because we also need to parse it in POST, PUT, and DELETE requests. For
example, a story is POSTed to the URL /webservices/atom/?plugin=story

>At a minimum shouldn't urldecode be called on the string before doing
>the explode()

You may be right there. I had it somewhere in the back of my mind never
to use urldecode on URLs because of security issues that may open up.
But I may be confusing this with the contents of $_GET, as explained in e.g.
<http://www.php.net/manual/en/function.urldecode.php#48481>

Need to double-check ...

bye, Dirk
--
http://www.geeklog.net/
http://geeklog.info/
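
The ordering question raised in this thread, as an added example (not Geeklog's code and not part of either message; the function names and the sample query string are constructed for illustration). It parses a raw QUERY_STRING by splitting first and decoding each piece, next to the decode-first order, and then shows the double decode that the PHP manual warns about for values taken from $_GET.

```php
<?php
// Added example; function names are hypothetical, input is constructed.

// Split the raw query string first, then decode each name and value.
function parse_query_split_then_decode(string $raw): array
{
    $params = [];
    foreach (explode('&', $raw) as $pair) {
        if ($pair === '') {
            continue; // tolerate "a=1&&b=2" and an empty query string
        }
        // Limit 2 keeps any literal "=" inside the value intact.
        $parts = explode('=', $pair, 2);
        $name  = urldecode($parts[0]);
        $value = isset($parts[1]) ? urldecode($parts[1]) : '';
        $params[$name] = $value;
    }
    return $params;
}

// Decode the whole string first, then split: shown for comparison only.
function parse_query_decode_then_split(string $raw): array
{
    $params = [];
    foreach (explode('&', urldecode($raw)) as $pair) {
        if ($pair === '') {
            continue;
        }
        $parts = explode('=', $pair, 2);
        $params[$parts[0]] = $parts[1] ?? '';
    }
    return $params;
}

// Constructed input: the value of "title" carries an encoded "&" and "=".
$raw = 'plugin=story&title=a%26plugin%3Dother';

// Splitting first keeps the encoded "&" inside the title value.
var_dump(parse_query_split_then_decode($raw));

// Decoding first turns %26 into a separator, so the text after it is
// parsed as a second "plugin" parameter that overrides the first.
var_dump(parse_query_decode_then_split($raw));

// PHP has already decoded $_GET; a second urldecode() changes the data.
$once  = urldecode('a%2526b'); // what PHP would place in $_GET
$twice = urldecode($once);     // the extra decode turns %26 into "&"
var_dump($once, $twice);
```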