[dev] Re: [cvs] commit: kronolith login.php month.php ...

Chuck Hagenbuch chuck@horde.org
Wed, 20 Dec 2000 14:29:28 -0500


Quoting Anil Madhavapeddy <anil@recoil.org>:

> Add this to CODING_STANDARDS then ... all of our stuff should 
> work with register_globals off from now on?

I've been moving that way, yeah. For one thing, it's much clearer when you're 
using user input when you've got $HTTP_FOO_VARS[] around things...

Here's my proposal, I'll add it if people agree:

1. All Horde code should work with register_globals = Off. This means using 
$HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SESSION_VARS, 
$HTTP_SERVER_VARS, and $HTTP_ENV_VARS to access all get, post, cookie, session, 
server, and environment data, respectively.

2. All Horde code should work regardless of the setting of magic_quotes_gpc. 
Form data should be passed through Horde::dispelMagicQuotes() (this function 
will be moved to Horde:: in my next cvs commit), which will run stripslashes on 
it if necessary.

Comments?

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"If you can't stand the heat, get out of the chicken!" - Baby Blues