Hi!
- remove grab_globals, moving the GLOBALS overwrite protection into common.lib.php
+0 :)
- everywhere in the code, find the variables that were set from grab_globals and replace them by $_REQUEST['foo'] if they originated from GET, POST or COOKIE, or by a reference to $_FILES, $_ENV or $_SERVER. Possibly taking into account that $_ENV might not be readable (use of getenv() ?)
+1
- sanitize individually what can be echoed (like $message) with PMA_sanitize(), for XSS protection. Any need to sanitize something else?
I'm +1 for sanitizing all output depending on whether HTML is allowed or not. However, I admit I haven't looked at the current code for ages. :(
- (later) in an effort to clean global space, replace $str by constants
+1
Regards,
Garvin
--
++ Garvin Hicking | Web developer [PHP] | www.garv.in | ICQ 21392242
++ Developer of | www.phpMyAdmin.net | www.s9y.org
++ Make me happy | http://wishes.garv.in
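The two changes discussed in the message above, importing request variables into the global scope versus reading the superglobals explicitly, and escaping what gets echoed, as an added PHP illustration that is not phpMyAdmin code and not part of the original mail. The reject_globals_overwrite() guard and the sanitize() helper are this example's own stand-ins for the common.lib.php protection and for PMA_sanitize(); the request contents are constructed.

```php
<?php
// Added example, not phpMyAdmin code. It contrasts importing every request
// variable into the global scope (what grab_globals did) with reading the
// superglobals explicitly and escaping output. reject_globals_overwrite()
// and sanitize() are this example's own stand-ins for the guard proposed
// for common.lib.php and for PMA_sanitize().

// Constructed request: "message" is meant to be echoed; "auth_ok" is a
// variable the script never expected to receive from the client.
$_GET     = ['message' => '<script>alert(1)</script>', 'auth_ok' => '1'];
$_POST    = [];
$_COOKIE  = [];
$_REQUEST = array_merge($_COOKIE, $_POST, $_GET);

// --- Before: grab_globals-style import -------------------------------
// Every request key becomes a global variable, so the client chooses the
// value of any variable the script forgot to initialise itself.
function legacy_grab_globals(array $request)
{
    foreach ($request as $name => $value) {
        $GLOBALS[$name] = $value;
    }
}

legacy_grab_globals($_REQUEST);
$legacy_auth_ok = isset($auth_ok) ? $auth_ok : null; // now "1", set by the client
$legacy_output  = "<p>$message</p>";                 // echoed unescaped: XSS

// --- After: explicit superglobals plus output escaping ---------------
function reject_globals_overwrite()
{
    // Refuse any request carrying a top-level "GLOBALS" key, the vector
    // that made global imports dangerous; uploads are checked as well.
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        http_response_code(400);
        exit('Possible GLOBALS overwrite attempt');
    }
}

function sanitize($text, $allow_html = false)
{
    // Stand-in for PMA_sanitize(): escape unless the caller explicitly
    // opts into raw HTML for a string it controls itself.
    return $allow_html ? $text : htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

reject_globals_overwrite();

// Each value is read from the superglobal it is expected in; nothing else
// enters the global namespace, so $auth_ok can only be set by our own code.
$auth_ok         = false;
$message         = isset($_GET['message']) ? $_GET['message'] : '';
$hardened_output = '<p>' . sanitize($message) . '</p>';

echo $legacy_output, "\n", $hardened_output, "\n";
```

Run under the PHP CLI, the legacy half of the script echoes the script tag verbatim and leaves $auth_ok under client control, while the hardened half prints the escaped entity form and keeps $auth_ok at the value the script assigned. The $allow_html switch on sanitize() is the "depending on whether HTML is allowed or not" distinction from the reply: it should default to escaping, with the raw path used only for strings the application builds itself.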