[geeklog-devel] [geeklog-cvs] Geeklog-1.x/system lib-webservices.php, 1.16, 1.17
Joe Mucchiello
joe at ThrowingDice.com
Mon Nov 19 02:33:14 EST 2007
At 02:38 PM 11/18/2007, Dirk Haun wrote:
>Joe Mucchiello wrote:
>
> >I have a potentially stupid question but why are you parsing the
> >QUERY_STRING when you can just use the $_GET array to look at it?
>
>Because we also need to parse it in POST, PUT, and DELETE requests. For
>example, a story is POSTed to the URL /webservices/atom/?plugin=story

And regardless of which method is used, that URI will set the $_GET
array with ("plugin" => "story") in it.

Currently, WS_dissectURI parses $_SERVER['QUERY_STRING'] explicitly
and nothing else. PHP has already divided that string's variables
into the $_GET array. Why are you doing it again? Also, your method
doesn't call addslashes when magic quotes are on. But it will call
stripslashes inside COM_applyFilter(). Not sure how dangerous that
is, but I bet it will be the source of a very difficult bug to track down.

If you must do it again, there are built-in functions for it:

function WS_dissectURI(&$args)
{
    global $WS_INTROSPECTION, $WS_PLUGIN;

    // Let PHP split the query string into an array
    $args = array();
    parse_str($_SERVER['QUERY_STRING'], $args);

    // Filter every value, including values inside nested arrays
    array_walk_recursive($args, create_function('&$v,$k', '$v = COM_applyFilter($v);'));

    // Flag introspection requests and remember the requested plugin
    if (array_key_exists('introspection', $args)) {
        $WS_INTROSPECTION = true;
    }
    if (array_key_exists('plugin', $args)) {
        $WS_PLUGIN = $args['plugin'];
    }
}

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
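
The addslashes/stripslashes mismatch raised in the message above, as an added example that is not code from the post or from Geeklog. All function names and the `$magicQuotes` flag are assumptions: the flag simulates magic_quotes_gpc (removed from current PHP), `manual_dissect` is a hypothetical hand-rolled parser, and `filter_like_applyfilter` stands in only for the stripslashes step the message attributes to COM_applyFilter().

```php
<?php
// Added illustration; every function name below is hypothetical.

// Simulates how PHP filled $_GET with magic quotes on: decode, then addslashes.
function php_style_get(string $query, bool $magicQuotes): array
{
    $out = [];
    parse_str($query, $out);
    if ($magicQuotes) {
        array_walk_recursive($out, function (&$v) { $v = addslashes($v); });
    }
    return $out;
}

// Hand-rolled parsing of the raw query string: decodes, never adds slashes.
function manual_dissect(string $query): array
{
    $out = [];
    foreach (explode('&', $query) as $pair) {
        if ($pair === '') {
            continue;
        }
        $parts = explode('=', $pair, 2);
        $out[urldecode($parts[0])] = urldecode($parts[1] ?? '');
    }
    return $out;
}

// Stand-in for the filter step: strips slashes whenever magic quotes are on,
// on the assumption that the input was escaped earlier.
function filter_like_applyfilter(string $value, bool $magicQuotes): string
{
    return $magicQuotes ? stripslashes($value) : $value;
}

// Constructed sample: the submitted value contains a backslash and a quote.
$original    = "a\\'b";
$query       = 'plugin=' . rawurlencode($original);
$magicQuotes = true;

$viaGet    = filter_like_applyfilter(php_style_get($query, $magicQuotes)['plugin'], $magicQuotes);
$viaManual = filter_like_applyfilter(manual_dissect($query)['plugin'], $magicQuotes);

// Balanced escape/unescape round-trips; the unbalanced path drops the backslash.
printf("submitted:        %s\n", $original);
printf("via \$_GET path:   %s (%s)\n", $viaGet, $viaGet === $original ? 'intact' : 'altered');
printf("via manual parse: %s (%s)\n", $viaManual, $viaManual === $original ? 'intact' : 'altered');
```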