[dev] Small patch for Horde.php

Atif Ghaffar aghaffar@developer.ch
Thu, 16 Aug 2001 08:53:32 +0200

Previous message: [dev] Small patch for Horde.php
Next message: [dev] Party: mozilla+IMP wedding
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Chuck Hagenbuch wrote:
> Quoting Jon Parise <jon@horde.org>:
> 
> 
>>That looks pretty reasonable to me.  My only concern is
>>security-based with the additional propagation of query
>>parameters, but I suppose this really won't be opening any more
>>holes than might already exist (being query parameters can be
>>entered by hand, anyway).
>>
> 
> I don't think that's an issue... having not had a chance to look at the=
 patch, 
> my only concern is re-adding the session ID and such...

I agree,

I dont think that this patch should be applied as it is, I threw it 
quickly to test stuff. but later gave up on using QUERY_STRING and used 
cookies instead.

The only thing is that it may be a good idea to pass something at 
index.php via QUERY_STRING and be able to have that information on some 
other page. (via session or whatever)

cheers




-- 
Atif Ghaffar
Internet Development Manager
4unet AG/SA/Ltd.
---------------------------.
           +41 21 351 53 60 ¦ voice
           +41 79 659 89 72 ¦ mobile
           +41 21 254 53 62 ¦ fax
       http://www.4unet.net ¦ www
http://www.atifghaffar.com ¦ homepage
     atif.ghaffar@4unet.net ¦ email

Previous message: [dev] Small patch for Horde.php
Next message: [dev] Party: mozilla+IMP wedding
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]