Savane - Cookbook: recipe #259, Securing the Code


recipe #259: Securing the Code

(Relevant for the frontend)

It is important to always obtain user input from sane_*() functions:

The goal is to get Savane working with Register Globals set to off (see PHP documentation). This means that no variable that can be provided as user input should arrive as a global; it should always be obtained from sane_*() functions.

The ongoing process is detailed in task #2616.

Once a page gets all user input with sane_*() functions, we can add a call to register_globals_off() just after the require of "include/pre.php", exactly where the code really begins (even before other requires). In the rest of the page, it will then be as if Register Globals were truly set to off.

It is absolutely forbidden to remove calls to register_globals_off(). Pages that are made compliant with register_globals set to off should stay that way.
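The following sketch is an added example, not Savane's own code. It shows why the recipe insists on this order: with Register Globals on, request parameters land in the page's variable scope, while an explicit accessor reads one named value from one named source. The functions `emulate_register_globals_on()`, `example_register_globals_off()` and `example_sane_get_int()` are hypothetical stand-ins, the integer validation is an assumption about what an accessor might do, and the request data is constructed.

```php
<?php
// Constructed request data standing in for $_GET (not from Savane).
$request_get = ['group_id' => '42', 'is_admin' => '1'];

// Emulates Register Globals = on: every request parameter becomes a
// variable in the page's scope (modelled here as an array).
function emulate_register_globals_on(array $input, array &$scope): void
{
    foreach ($input as $name => $value) {
        $scope[$name] = $value;
    }
}

// Hypothetical stand-in for a register_globals_off()-style call:
// drops every scope variable whose name matches a request parameter.
function example_register_globals_off(array $input, array &$scope): void
{
    foreach (array_keys($input) as $name) {
        unset($scope[$name]);
    }
}

// Hypothetical stand-in for a sane_*() accessor: reads one parameter
// from one explicit source and accepts only a short decimal integer.
function example_sane_get_int(array $source, string $name): ?int
{
    $raw = $source[$name] ?? null;
    if (!is_string($raw) || strlen($raw) > 9 || !ctype_digit($raw)) {
        return null;
    }
    return (int) $raw;
}

$scope = [];
emulate_register_globals_on($request_get, $scope);

// A page that never initialises is_admin itself: with Register Globals
// on, the request decides the value of this flag, not the page.
$flag_before = !empty($scope['is_admin']);

// After the cleanup call, request-supplied names are gone from scope.
example_register_globals_off($request_get, $scope);
$flag_after = !empty($scope['is_admin']);

// Input the page really needs is fetched by name, from a known source.
$group_id = example_sane_get_int($request_get, 'group_id');

var_dump($flag_before, $flag_after, $group_id);
```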

Last update: Tue Nov 28 08:25:46 2006






Audience and Context

   Anonymous Users, Logged-in Users, All Project Members
   Source Code Manager: Subversion Repositories

Powered by Savane 3.1-cleanup