[Phpmyadmin-devel] globals

Marc Delisle Marc.Delisle at cegepsherbrooke.qc.ca
Thu Dec 8 08:50:11 CET 2005


Ok, I am getting lost in all those threads. I guess it's time to vote. 
I'll try to summarize the issues:

- remove grab_globals, moving the GLOBALS overwrite protection into 
common.lib.php

- everywhere in the code, find the variables that were set from 
grab_globals and replace them by $_REQUEST['foo'] if they originated 
from GET, POST or COOKIE, or by a reference to $_FILES, $_ENV or 
$_SERVER. Possibly taking into account that $_ENV might not be readable 
(use of getenv() ?)

- sanitize individually what can be echoed (like $message) with 
PMA_sanitize(), for XSS protection. Any need to sanitize something else?

- (later) in an effort to clean global space, replace $str by constants

Comments, please :)

Marc
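
The following PHP example is added here and is not part of the original message or phpMyAdmin's code: it illustrates the first three points of the proposal (an overwrite guard, explicit reads from the request array, and escaping at output). The function names, the list of reserved names and the sample requests are assumptions, and htmlspecialchars() stands in for PMA_sanitize().

```php
<?php
// Added illustration; every function name here is hypothetical.

// Constructed sample request: one parameter is named after the GLOBALS array.
$request = [
    'db'      => 'test',
    'GLOBALS' => ['cfg' => 'overwritten'],
];

// Overwrite protection: refuse a request that names GLOBALS or a superglobal
// as a parameter, before any other code reads the input.
function reject_global_overwrite(array $input): void
{
    $reserved = ['GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                 '_FILES', '_ENV', '_SERVER', '_SESSION'];
    foreach (array_keys($input) as $key) {
        if (in_array((string) $key, $reserved, true)) {
            throw new RuntimeException("reserved name in request: $key");
        }
    }
}

// Read one named value explicitly instead of importing every parameter
// into the global scope; non-string values fall back to the default.
function request_string(array $input, string $name, string $default = ''): string
{
    return isset($input[$name]) && is_string($input[$name]) ? $input[$name] : $default;
}

// Output escaping for values that are echoed back (stand-in for PMA_sanitize()).
function escape_for_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

try {
    reject_global_overwrite($request);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Constructed request without reserved names: it passes the guard and is
// read field by field, and the echoed value is escaped at output time.
$clean = ['db' => 'test', 'message' => '<script>alert(1)</script>'];
reject_global_overwrite($clean);
$db      = request_string($clean, 'db');
$message = request_string($clean, 'message');
echo 'db=', escape_for_html($db), ' message=', escape_for_html($message), "\n";
```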
