[dev] Re: [cvs] commit: kronolith login.php month.php ...
Chuck Hagenbuch
chuck@horde.org
Wed, 20 Dec 2000 14:29:28 -0500
Quoting Anil Madhavapeddy <anil@recoil.org>:
> Add this to CODING_STANDARDS then ... all of our stuff should
> work with register_globals off from now on?
I've been moving that way, yeah. For one thing, it's much clearer when you're
using user input when you've got $HTTP_FOO_VARS[] around things...
Here's my proposal, I'll add it if people agree:
1. All Horde code should work with register_globals = Off. This means using
$HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SESSION_VARS,
$HTTP_SERVER_VARS, and $HTTP_ENV_VARS to access all get, post, cookie, session,
server, and environment data, respectively.
2. All Horde code should work regardless of the setting of magic_quotes_gpc.
Form data should be passed through Horde::dispelMagicQuotes() (this function
will be moved to Horde:: in my next cvs commit), which will run stripslashes on
it if necessary.
Comments?
-chuck
--
Charles Hagenbuch, <chuck@horde.org>
"If you can't stand the heat, get out of the chicken!" - Baby Blues