8 Dec
2005
8 Dec
'05
12:45 p.m.
Hi!
- remove grab_globals, moving the GLOBALS overwrite protection into
common.lib.php
+0 :)
- everywhere in the code, find the variables that were set from
grab_globals and replace them by $_REQUEST['foo'] if they originated from GET, POST or COOKIE, or by a reference to $_FILES, $_ENV or $_SERVER. Possibly taking into account that $_ENV might not be readable (use of getenv() ?)
+1
- sanitize individually what can be echoed (like $message) with
PMA_sanitize(), for XSS protection. Any need to sanitize something else?
I'm +1 for sanitizing all output depending on whether HTML is allowed or not. However I admit I haven't looked at the current code for ages. :(
- (later) in an effort to clean global space, replace $str by constants
+1
Regards, Garvin
--
++ Garvin Hicking | Web-Entwickler [PHP] | www.garv.in | ICQ 21392242
++ Developer of | www.phpMyAdmin.net | www.s9y.org
++ Make me happy | http://wishes.garv.in