[Phpmyadmin-devel] globals
Garvin Hicking
phpmyadmin at supergarv.de
Thu Dec 8 11:45:07 CET 2005
Hi!
> - remove grab_globals, moving the GLOBALS overwrite protection into
> common.lib.php
+0 :)
> - everywhere in the code, find the variables that were set from
> grab_globals and replace them by $_REQUEST['foo'] if they originated from GET,
> POST or COOKIE, or by a reference to $_FILES, $_ENV or
> $_SERVER. Possibly taking into account that $_ENV might not be readable
> (use of getenv() ?)
+1
> - sanitize individually what can be echoed (like $message) with
> PMA_sanitize(), for XSS protection. Any need to sanitize something else?
I'm +1 for sanitizing all output depending on whether HTML is allowed or not.
However I admit I haven't looked at the current code for ages. :(
> - (later) in an effort to clean global space, replace $str by constants
+1
Regards,
Garvin
--
++ Garvin Hicking | Web-Entwickler [PHP] | www.garv.in | ICQ 21392242
++ Developer of | www.phpMyAdmin.net | www.s9y.org
++ Make me happy | http://wishes.garv.in
More information about the Developers
mailing list