[Phpmyadmin-devel] Let's break master?
michal at cihar.com
Mon Feb 27 21:45:27 CET 2012
On Tue, 21 Feb 2012 08:18:45 -0500
Marc Delisle <marc at infomarc.info> wrote:
> When Michal talked about register globals, he meant that in
> grab_globals.lib.php, we take some variables from superglobals (except
> some that are in a blacklist) and make them globals, so that the other
> scripts can work with them.
Yes, basically this was introduced as a short-term hack before we get rid
of using globals. However, it stayed longer than everyone expected.
> In grab_globals.lib.php, we could output to a trace file the names of
> the variables that are globalized, then verify in the code where these
> global variables are used.
In pretty much everything we use $db/$table, so these would be obvious.
> >> Also, I suggest to get rid of $_REQUEST, because the origin of its
> >> contents is unclear. Ideally, at every place where we refer to
> >> $_REQUEST, a comment should explain the possible origin of the contents.
> > What do you suggest? Only to use $_POST or $_GET instead of $_REQUEST?
> > I don't see another way of getting the values of url variables.
> Yes; it could be $_COOKIE also, see
I'm not 100% confident about the need to differentiate between GET/POST,
however cookies should surely be treated differently (which I believe is
already the case).
Michal Čihař | http://cihar.com | http://phpmyadmin.cz
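The trace idea quoted above, combined with the question of which source a $_REQUEST value came from, as an added example (not part of this message and not phpMyAdmin's code). The function name, the denylist contents, the sample parameters and the first-origin-wins rule are assumptions made for illustration.

```php
<?php
// Added illustration; this is not phpMyAdmin's grab_globals.lib.php.
// trace_globalize(), $denylist and the sample input are hypothetical.

/**
 * Copy request parameters into $target the way a "register globals" shim
 * would, skipping denylisted names, and return one trace record per key.
 * Assumption: a name that is already set is not overwritten.
 */
function trace_globalize(array $sources, array $denylist, array &$target): array
{
    $trace = [];
    foreach ($sources as $origin => $params) {
        foreach ($params as $name => $value) {
            $name = (string) $name;  // numeric keys arrive as ints
            if (in_array($name, $denylist, true)) {
                $action = 'skipped-denylist';
            } elseif (array_key_exists($name, $target)) {
                $action = 'skipped-exists';
            } else {
                $target[$name] = $value;
                $action = 'globalized';
            }
            // Record the name and its origin only, never the value.
            $trace[] = ['origin' => $origin, 'name' => $name, 'action' => $action];
        }
    }
    return $trace;
}

// Constructed sample input standing in for $_GET, $_POST and $_COOKIE.
$sources = [
    'GET'    => ['db' => 'shop', 'table' => 'orders'],
    'POST'   => ['table' => 'users', 'cfg' => ['x' => 1]],
    'COOKIE' => ['db' => 'other', 'GLOBALS' => 'x'],
];
$denylist = ['GLOBALS', 'cfg', '_SERVER', '_SESSION'];

$scope = [];  // stands in for $GLOBALS so the demo has no side effects
$trace = trace_globalize($sources, $denylist, $scope);

foreach ($trace as $r) {
    // In real use each record would be appended to a trace file instead.
    printf("%-6s %-8s %s\n", $r['origin'], $r['name'], $r['action']);
}
```

Grepping the code base for each name marked `globalized` gives the list of scripts that depend on the shim, and any name that shows up under more than one origin marks a place where reading it through $_REQUEST would hide where it came from.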