Hi all
I think we all agree on removal of this security evil script. Me and Marc already had a non-public discussion on this topic, however I think it should go on this list, so let's start it again :-).
Basically there is a need for some function to grab required parameters from the request and clean up the GLOBALS array in case register_globals is on.
I suggested to create some function like:
PMA_grabParameter($name, $request, $sanitizing = 'none', $required = TRUE)
The request parameter might not be needed, but it's up to discussion.
While Marc came up with the way Moodle does it:
Moodle does this (I did not paste the full clean_param() function)
    $id = optional_param('id', 0, PARAM_INT);
    $name = optional_param('name');
    $edit = optional_param('edit');
    $idnumber = optional_param('idnumber');

    function optional_param($varname, $default=NULL, $options=PARAM_CLEAN) {
        if (isset($_POST[$varname])) { // POST has precedence
            $param = $_POST[$varname];
        } else if (isset($_GET[$varname])) {
            $param = $_GET[$varname];
        } else {
            return $default;
        }
        return clean_param($param, $options);
    }
Comments?
I do not think it is a good idea to have optional parameters in most of the code.
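
A sketch of the PMA_grabParameter() signature proposed above, with the register_globals cleanup next to it. This is an added example, not part of the original message and not phpMyAdmin's code; the helper PMA_cleanGlobals(), the sanitizing mode names 'int' and 'identifier', and the exceptions are assumptions.

```php
<?php
// Added sketch, not phpMyAdmin code. PMA_cleanGlobals(), the mode names
// 'int' and 'identifier', and the exceptions are assumptions.

// Undo register_globals: unset every global that mirrors a request key.
function PMA_cleanGlobals()
{
    $protected = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                       '_SERVER', '_ENV', '_FILES', '_SESSION');
    foreach (array($_GET, $_POST, $_COOKIE) as $source) {
        foreach (array_keys($source) as $key) {
            if (!in_array($key, $protected, true)) {
                unset($GLOBALS[$key]);
            }
        }
    }
}

function PMA_grabParameter($name, $request, $sanitizing = 'none', $required = TRUE)
{
    if (!is_array($request) || !array_key_exists($name, $request)) {
        if ($required) {
            throw new InvalidArgumentException("Missing parameter: $name");
        }
        return NULL;
    }
    $value = $request[$name];
    if ($sanitizing === 'none') {
        return $value;
    }
    // Each typed mode is an allow-list; arrays (e.g. ?db[]=x) fail all of them.
    $patterns = array('int' => '/^-?[0-9]+\z/', 'identifier' => '/^[A-Za-z0-9_]+\z/');
    if (!isset($patterns[$sanitizing])) {
        throw new InvalidArgumentException("Unknown sanitizing mode: $sanitizing");
    }
    if (!is_string($value) || !preg_match($patterns[$sanitizing], $value)) {
        throw new UnexpectedValueException("Parameter $name failed '$sanitizing' check");
    }
    return $sanitizing === 'int' ? (int) $value : $value;
}

// Cleanup has to run before the application defines any globals of its own.
PMA_cleanGlobals();
// Constructed request standing in for $_REQUEST.
$request = array('db' => 'test_db', 'pos' => '30', 'table' => array('x'));
$db   = PMA_grabParameter('db', $request, 'identifier');
$pos  = PMA_grabParameter('pos', $request, 'int');
$sort = PMA_grabParameter('sort', $request, 'none', FALSE);
var_dump($db, $pos, $sort);
```

With $required left at TRUE, a missing or malformed parameter stops the script at the point of the call instead of falling through to a default value.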