[geeklog-devel] {blockid}

Joe Mucchiello joe at ThrowingDice.com
Sun May 4 12:15:02 EDT 2008


At 11:25 AM 5/4/2008, Dirk Haun wrote:
>Apart from the slight misnomer (it's not the block's ID, bid, but
>something derived from the block's title), here are some issues I ran into:

Why not just take it from the block name?

Whoa. I was going to say it gets passed through COM_applyFilter. But 
it doesn't. It doesn't even go through COM_stripslashes. It goes 
straight from $_POST['name'] to $name to "....,'$name',...." in DB_save.

In theory block_name should be unique and after a call to 
COM_sanitizeID it should be fine. But you might want to check that 
other problem too.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 
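
The data flow described in the message above, shown as an added example that is not part of the original post and is not Geeklog code: a request value placed between quotes as-is changes the shape of the SQL value list, while an allowlist filter keeps one value per field. The field list, the inputs, and the functions `build_values`, `sanitize_name` (a stand-in for the `COM_sanitizeID` step, with an assumed allowlist), `split_values` and `shape_ok` are all hypothetical.

```php
<?php
// Added illustration, not Geeklog code; field list and inputs are constructed.
const FIELDS = 'type,name,is_enabled';

// Mirrors the "....,'$name',...." value string from the message.
function build_values(string $name): string
{
    return "'normal','$name','1'";
}

// Hypothetical stand-in for the COM_sanitizeID step; the allowlist is assumed.
function sanitize_name(string $name): string
{
    return preg_replace('/[^a-zA-Z0-9_.-]/', '', $name);
}

// Split a value list on commas that sit outside single-quoted literals.
function split_values(string $values): array
{
    $out = [];
    $cur = '';
    $inQuote = false;
    foreach (str_split($values) as $c) {
        if ($c === "'") {
            $inQuote = !$inQuote;
        }
        if ($c === ',' && !$inQuote) {
            $out[] = $cur;
            $cur = '';
        } else {
            $cur .= $c;
        }
    }
    $out[] = $cur;
    return $out;
}

// True when the list still has exactly one value per field.
function shape_ok(string $values): bool
{
    return count(split_values($values)) === count(explode(',', FIELDS));
}

foreach (["my_block", "x','y", "o'reilly"] as $raw) { // constructed inputs
    printf("%-10s unfiltered=%s filtered=%s\n", $raw,
        var_export(shape_ok(build_values($raw)), true),
        var_export(shape_ok(build_values(sanitize_name($raw))), true));
}
```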



