Savane - Cookbook: recipe #259, Securing the Code

 
 

recipe #259: Securing the Code

(Relevant for the frontend)

It is important to always obtain user input from sane_*() functions.

The goal is to get Savane working with Register Globals set to off (see the PHP documentation). This means that no variable that can be supplied as user input should arrive as a global; it should always be obtained from a sane_*() function.

The ongoing process is detailed in task #2616.

Once a page gets all of its user input through sane_*() functions, we can add a call to register_globals_off() just after the require of "include/pre.php", exactly where the code really begins (even before other requires). From then on, the rest of the page behaves as if Register Globals were truly set to off.

It is absolutely forbidden to remove calls to register_globals_off(). Pages that are made compliant with register_globals set to off should stay that way.
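
The pattern described above, as a self-contained example added here and not taken from Savane's code base. `example_sane_get()` and `example_register_globals_off()` are hypothetical stand-ins for Savane's sane_*() functions and register_globals_off(), and the request is constructed sample data.

```php
<?php
// Added illustration. The example_* helpers are hypothetical stand-ins,
// not Savane's sane_*() or register_globals_off() implementations.

// Constructed sample request: page.php?group=demo&is_admin=1
$_GET = array('group' => 'demo', 'is_admin' => '1');

// Emulate Register Globals set to on: each request key becomes a global.
foreach ($_GET as $name => $value) {
    $GLOBALS[$name] = $value;
}

// Stand-in accessor: return a request value only if it is a plain string.
function example_sane_get($name)
{
    return (isset($_GET[$name]) && is_string($_GET[$name])) ? $_GET[$name] : null;
}

// Stand-in cleanup: remove every global that mirrors a request key, but
// never touch the superglobals themselves if a key is named after one.
function example_register_globals_off()
{
    $protected = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                       '_SERVER', '_ENV', '_FILES', '_SESSION');
    foreach (array($_GET, $_POST, $_COOKIE) as $source) {
        foreach (array_keys($source) as $name) {
            if (!in_array($name, $protected, true)) {
                unset($GLOBALS[$name]);
            }
        }
    }
}

// Before the cleanup, the request has silently defined $is_admin.
$before = isset($is_admin);

// In a Savane page this call sits right after the require of include/pre.php.
example_register_globals_off();

// After the cleanup, no request key survives as a global variable...
$after = isset($is_admin) || isset($group);

// ...and the page reads only the inputs it explicitly asks for.
$group = example_sane_get('group');

var_dump($before, $after, $group);
```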

Last update: Tue 28 Nov 2006 08:25:46 AM UTC

Audience and Context

Audience:
   Anonymous Users, Logged-in Users, All Project Members
Feature:
   Source Code Manager: Subversion Repositories
Action:
   Browsing


Powered by Savane 3.1-cleanup