Savane - Tasks: task #2616, register globals set to off


task #2616: register globals set to off

Submitted by:  Mathieu Roy <yeupou>
Submitted on:  Fri 18 Nov 2005 10:40:12 AM UTC

Should Start On: Thu 17 Nov 2005 11:00:00 PM UTC
Should be Finished on: Mon 17 Nov 2008 11:00:00 PM UTC
Category: Web Frontend
Status: In Progress
Priority: 4 - High
Planned Release: None
Assigned to: None
Open/Closed: Open
Privacy: Public
For/By: None

Mon 20 Nov 2006 03:11:30 PM UTC, comment #5:

Copy of the update of recipe #122:

It is important to always obtain user input from sane_*() functions.

The goal is to get Savane working with register globals set to off. Which means all variables that can be provided as user input should not come as global but always from sane_*() functions, like sane_post() or sane_cookie() or sane_isset().

The ongoing process is detailed in task #2616.

It is absolutely forbidden to remove calls to register_globals_off(). Pages that are made compliant with register_globals set to off should stay that way.

Normally, register_globals_off() should come just after the require against "include/pre.php", exactly when the code really begins (even before other requires).

Mathieu Roy <yeupou>
Project Administrator
Mon 20 Nov 2006 10:34:30 AM UTC, comment #4:

If you type `make devinfo` in the root directory of the repository, you'll now get the following list:

The following PHP files does not use register_globals_off:
frontend/php/testconfig.php
frontend/php/account/suspended.php
frontend/php/account/lostpw.php
frontend/php/account/lostlogin.php
frontend/php/account/register.php
frontend/php/account/pending-resend.php
frontend/php/files/index.php
frontend/php/files/add.php
frontend/php/search/index.php
frontend/php/svn/index.php
frontend/php/cvs/index.php
frontend/php/people/index.php
frontend/php/people/editjob.php
frontend/php/people/createjob.php
frontend/php/people/viewjob.php
frontend/php/people/admin/index.php
frontend/php/my/quitproject.php
frontend/php/my/bookmarks.php
frontend/php/my/admin/editsshkeys.php
frontend/php/project/memberlist-gpgkeys.php
frontend/php/project/memberlist.php
frontend/php/project/admin/userperms.php
frontend/php/project/admin/index.php
frontend/php/project/admin/editgroupfeatures.php
frontend/php/project/admin/useradmin.php
frontend/php/project/admin/bulk_admin_users.php
frontend/php/project/admin/conf-copy.php
frontend/php/project/admin/editgroupnotifications.php
frontend/php/news/index.php
frontend/php/news/submit.php
frontend/php/news/approve.php
frontend/php/news/admin/index.php
frontend/php/include/theme.php
frontend/php/include/timezones.php
frontend/php/include/session.php
frontend/php/include/form.php
frontend/php/include/exit.php
frontend/php/include/user.php
frontend/php/include/html.php
frontend/php/include/utils.php
frontend/php/include/sitemenu.php
frontend/php/include/project_home.php
frontend/php/include/i18n.php
frontend/php/include/pagemenu.php
frontend/php/include/graphs.php
frontend/php/include/member.php
frontend/php/include/Layout.class
frontend/php/include/calendar.php
frontend/php/include/Error.class
frontend/php/include/database.php
frontend/php/include/sane.php
frontend/php/include/markup.php
frontend/php/include/dnsbl.php
frontend/php/include/spam.php
frontend/php/include/features_boxes.php
frontend/php/include/proj_email.php
frontend/php/include/Group.class
frontend/php/include/context.php
frontend/php/include/sendmail.php
frontend/php/include/pre.php
frontend/php/include/account.php
frontend/php/include/trackers/cookbook.php
frontend/php/include/trackers/data.php
frontend/php/include/trackers/general.php
frontend/php/include/trackers/votes.php
frontend/php/include/trackers/show.php
frontend/php/include/trackers/transition.php
frontend/php/include/trackers/format.php
frontend/php/include/trackers/conf.php
frontend/php/include/search/general.php
frontend/php/include/trackers_run/postmod_filters.php
frontend/php/include/trackers_run/index.php
frontend/php/include/trackers_run/postadd_comment.php
frontend/php/include/trackers_run/mod_filters.php
frontend/php/include/trackers_run/mod.php
frontend/php/include/trackers_run/browse.php
frontend/php/include/trackers_run/detail-sober.php
frontend/php/include/trackers_run/digest.php
frontend/php/include/trackers_run/detail.php
frontend/php/include/trackers_run/download.php
frontend/php/include/trackers_run/add.php
frontend/php/include/trackers_run/reporting.php
frontend/php/include/trackers_run/admin/notification_settings.php
frontend/php/include/trackers_run/admin/userperms.php
frontend/php/include/trackers_run/admin/field_values_transition-ofields-update.php
frontend/php/include/trackers_run/admin/index.php
frontend/php/include/trackers_run/admin/field_values_reset.php
frontend/php/include/trackers_run/admin/editqueryforms.php
frontend/php/include/trackers_run/admin/field_values.php
frontend/php/include/trackers_run/admin/other_settings.php
frontend/php/include/trackers_run/admin/conf-copy.php
frontend/php/include/trackers_run/admin/field_usage.php
frontend/php/include/people/general.php
frontend/php/include/my/general.php
frontend/php/include/my/bookmarks.php
frontend/php/include/project/admin.php
frontend/php/include/news/forum.php
frontend/php/include/news/general.php
frontend/php/include/stats/general.php
frontend/php/docs/admin.php
frontend/php/siteadmin/group_type.php
frontend/php/siteadmin/userlist.php
frontend/php/siteadmin/user_changepw.php
frontend/php/siteadmin/grouplist.php
frontend/php/siteadmin/triggercreation.php
frontend/php/siteadmin/groupedit.php
frontend/php/siteadmin/usergroup.php
frontend/php/register/index.php
frontend/php/register/projecttype.php
frontend/php/register/confirmation.php
frontend/php/register/license.php
frontend/php/register/basicinfo.php
frontend/php/register/projectname.php
frontend/php/register/requirements.php
frontend/php/forum/forum.php
frontend/php/forum/save.php
frontend/php/forum/index.php
frontend/php/forum/monitor.php
frontend/php/forum/expand.php
frontend/php/forum/thread.php
frontend/php/forum/who_monitors.php
frontend/php/forum/admin/index.php
frontend/php/mail/index.php
frontend/php/mail/majordomo_interface.php
frontend/php/arch/index.php

87/212 files done (41%)
(note that files that are supposed to be only called from include() or
require() should not really use register_globals_off())

Mathieu Roy <yeupou>
Project Administrator
Fri 18 Nov 2005 10:43:10 AM UTC, comment #3:

As said in comment #1, look into include/sane.php

I think I'll add this in the devel documentation.

Functions are

sane_all()
sane_post()
sane_get()
sane_cookie()

and they should be used whenever we fetch user input.

There is also a function register_globals_off() that should be put after the pre include whenever a page uses the sane_* functions properly, so we'll gradually make Savane work with register_globals_off().

If a page works with register_globals_off(), it is absolutely not tolerable to remove this call to implement new things.

Mathieu Roy <yeupou>
Project Administrator
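The discipline described in comment #3 and comment #5 (user input only through sane_*(), register_globals_off() placed right after the pre include), as an added example that is not Savane's own code: the helper bodies, the simulated register_globals=On behaviour and the request values are assumptions, and page rendering is reduced to a returned string.

```php
<?php
// Added example, not Savane's own code: the register_globals hazard this task is about,
// beside the sane_*() / register_globals_off() discipline it prescribes. The helper
// bodies are assumptions; Savane's real include/sane.php is not reproduced here.

// Constructed request: a visitor appends ?item_id=42&is_admin=1 to the page URL.
$_GET = array('item_id' => '42', 'is_admin' => '1');
// Simulate register_globals=On (gone since PHP 5.4): every request key becomes a global.
foreach ($_GET as $k => $v) { $GLOBALS[$k] = $v; }

// Hypothetical stand-ins for the accessors named in the comments.
function sane_get($name)    { return isset($_GET[$name])    ? $_GET[$name]    : null; }
function sane_post($name)   { return isset($_POST[$name])   ? $_POST[$name]   : null; }
function sane_cookie($name) { return isset($_COOKIE[$name]) ? $_COOKIE[$name] : null; }
// GET, then POST, then COOKIE: the lookup order the original submission sketches.
function sane_all($name) {
  foreach (array(sane_get($name), sane_post($name), sane_cookie($name)) as $v) {
    if ($v !== null) { return $v; }
  }
  return null;
}
function sane_isset($name) { return sane_all($name) !== null; }

// Hypothetical register_globals_off(): drop every global a request key could have
// created, so an uninitialised variable can no longer be driven from the query string.
function register_globals_off() {
  foreach (array($_GET, $_POST, $_COOKIE) as $src) {
    foreach (array_keys($src) as $k) { unset($GLOBALS[$k]); }
  }
}

// Before: the page never initialises $is_admin, so with register_globals=On the
// ?is_admin=1 parameter alone selects the privileged branch.
function old_style_page() {
  global $is_admin, $item_id;
  return $is_admin ? "editing item $item_id as admin" : "viewing item $item_id";
}

// After: register_globals_off() first, input only through sane_*(), privilege
// taken from the session (passed in here), never from a variable the client can name.
function sane_page($session_is_admin) {
  register_globals_off();
  $item_id = (int) sane_get('item_id');   // an id must be numeric; cast it
  return $session_is_admin ? "editing item $item_id as admin" : "viewing item $item_id";
}

echo old_style_page(), "\n";
echo sane_page(false), "\n";
var_dump(isset($GLOBALS['is_admin']));   // the injected global is gone once register_globals_off() ran
```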
Fri 18 Nov 2005 10:40:12 AM UTC, comment #2:

This item has been reassigned from the project Savane bugs tracker to your tracker.

The original report is still available at bugs #4726

Following is the information included in the original report:

[field #0] Item ID: 4726
[field #1] Group ID: 116
[field #2] Open/Closed: Open
[field #3] Severity: 3 - Normal
[field #4] Privacy: Public
[field #6] Category: Web Frontend
[field #7] Submitted by: yeupou
[field #8] Assigned to: None
[field #9] Submitted on: Tue 15.11.2005 at 12:39
[field #10] Summary: register globals set to off
[field #11] Original Submission: If I have enough time, I'd like to rework on this register globals issue.

More and more computers will not have register_globals activated and in the end we'll have to work on this.

http://ch2.php.net/register_globals

With perl, we require "use perl", with PHP we can't.

Using stupid strings like
$_COOKIE[ ]
is not an option to me.

Too hard and long to type, too ugly.

If I have time to work on this, it will just add a few functions like
safeinput-get()
safeinput-post()
safeinput-cookie()
safeinput-any() (that will go from get to cookie to find a valid entry)

That will have to be used whenever we use user input that comes from get, post and cookie.


[field #13] Item Group: None
[field #14] Status: In Progress
[field #15] Component Version: None
[field #16] Platform Version: None
[field #17] Reproducibility: None
[field #18] Size (loc): None
[field #19] Fixed Release: None
[field #20] Planned Release: None
[field #21] Effort: 0.00
[field #25] Priority: B - Low
[field #28] Percent Complete: 0%
[field #30] Release: None
[field #55] Custom Select Box #1: None
[field #56] Custom Select Box #2: None
[field #57] Custom Select Box #3: None
[field #58] Custom Select Box #4: None
[field #59] Custom Select Box #5: None
[field #60] Custom Select Box #6: None
[field #61] Custom Select Box #7: None
[field #62] Custom Select Box #8: None
[field #63] Custom Select Box #9: None
[field #64] Custom Select Box #10: None

Mathieu Roy <yeupou>
Project Administrator
Thu 17 Nov 2005 04:28:19 PM UTC, comment #1:

The library is in fact include/sane.php

In the end, all user input should be made using functions in there.

Mathieu Roy <yeupou>
Project Administrator
Fri 18 Nov 2005 10:40:12 AM UTC, original submission:

If I have enough time, I'd like to rework on this register globals issue.

More and more computers will not have register_globals activated and in the end we'll have to work on this.

http://ch2.php.net/register_globals

With perl, we require "use perl", with PHP we can't.

Using stupid strings like
$_COOKIE['']
is not an option to me.

Too hard and long to type, too ugly.

If I have time to work on this, it will just add a few functions like
safeinput-get()
safeinput-post()
safeinput-cookie()
safeinput-any() (that will go from get to cookie to find a valid entry)

That will have to be used whenever we use user input that comes from get, post and cookie.

Mathieu Roy <yeupou>
Project Administrator

Carbon-Copy List
  • -unavailable- added by yeupou (this is an important matter that every developer should care about)
  • -unavailable- added by yeupou (Submitted the item)
Follow 9 latest changes.

Date | Changed By | Updated Field | Previous Value => Replaced By
Mon 20 Nov 2006 03:11:31 PM UTC | yeupou | Carbon-Copy | - => Added savane-dev
Mon 20 Nov 2006 09:28:24 AM UTC | yeupou | Should be Finished on | Fri 17 Nov 2006 11:00:00 PM UTC => Mon 17 Nov 2008 11:00:00 PM UTC
                                |        | Priority | 2 - Low => 4 - High
                                |        | Summary | Reassigned item: register globals set to off => register globals set to off
Fri 18 Nov 2005 10:43:10 AM UTC | yeupou | Should Start On | - => Thu 17 Nov 2005 11:00:00 PM UTC
                                |        | Should be Finished on | - => Fri 17 Nov 2006 11:00:00 PM UTC
                                |        | Category | None => Web Frontend
                                |        | Status | None => In Progress
Fri 18 Nov 2005 10:40:12 AM UTC | yeupou | Reassign item | From group Savane, bugs tracker => To group Savane, task tracker
    Powered by Savane 3.1-cleanup