Sebastian Mendel a écrit :
Marc Delisle schrieb:
Michal Čihař a écrit :
Hi
On Sun, 11 Dec 2005 08:52:04 -0500 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
please look at my commit for sql.php, revision 2.76. I have just changed $goto by $_REQUEST['goto']. Is this the way we want to take?
It's a bit weird for me to use $_REQUEST['goto'] on the left side of an assignment, but anyway tell me your comments so I can continue :)
Yes it is weird and IMHO we should avoid it - clean up goto at start and put it in local namespace.
Michal, this is why in my "globals" previous message, I was asking "everywhere in the code, replace the variables...". Everywhere means everywhere :)
I remember that in 2005-02, you were suggesting to fetch the variable from $_REQUEST and then set it in global space, so we would be using $goto everywhere, except for the first time in a script. This is still your opinion?
Personally I would go like you suggested in 2005-02, (it's less job to modify all the scripts, and the weird left assignment would be gone) but I have a small regret: this way we don't see the origin of $goto.
Maybe later, we could rename all variables that come from an external source, like $request_goto or something like that.
Anyway I'll commit the changes today or tomorrow.
but $goto i special, $goto is not always coming from $_REQUEST
we should differ between $goto and $_REQUEST['goto']
common.inc.php should check $_REQUEST['goto'] against a whitelist and set $goto
$_REQUEST['goto'] is one of this varaibles that should be globally handled by common.inc.php like $_REQUEST['server'], $_REQUEST['db'], $_REQUEST['table'], $_REQUEST['lang'], ...
Ok I see. However it's currently more difficult to deal with this, because of this bug: https://sourceforge.net/tracker/index.php?func=detail&aid=1375752&gr...
many parameters on the URL are now missing, like server, goto...
I just merged a small patch to tbl_properties_links.inc.php, have a look and comment.
Marc