Extract is only ever used on settings and the like.
While we do a lot to ensure the security and safety of the framework,
we do not provide security for developers passing in globals and
exposing potential security risks or issues.

The core at no point will extract and override a global like $_FILES, $_GET etc.

Cheers,
Graham / Predominant


On Mon, Jul 19, 2010 at 12:32 AM, Ma'moon <phpir...@gmail.com> wrote:
> Dear CakePHP core developers,
> I have noticed that the "extract" function is being used in so many places
> all over the core files "more than 100", and as you know, the extract
> function is very dangerous to use according to the warning being mentioned
> in the documentation page @ php.net/extract, kindly, my question is, what
> do you guys do in order to make sure that no super globals are
> being passed to extract in the core files? If someone may answer me then it
> will save me a lot of time to convince some people that CakePHP fits for the
> job, I'll appreciate any answer.
>
> Thanks a lot
> Ma'moon
>
> Check out the new CakePHP Questions site http://cakeqs.org and help others
> with their CakePHP related questions.
>
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To post to this group, send email to cake-php@googlegroups.com
> To unsubscribe from this group, send email to
> cake-php+unsubscr...@googlegroups.com For more options, visit this group at
> http://groups.google.com/group/cake-php?hl=en
>
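
One way to run the audit the question asks about, as an added example that is not part of the original thread and not CakePHP's own tooling: a small scanner that finds bare `extract()` calls in PHP source and flags those fed from a superglobal or relying on the default overwrite behaviour. The names `audit` and `split_args` and the PHP sample are constructed for illustration; the scanner is regex-based and assumes no parentheses or commas hidden inside string literals or comments.

```python
import re

# PHP superglobals are case-sensitive; \b stops $_GETTER matching $_GET.
SUPER = re.compile(
    r"\$(?:_(?:GET|POST|COOKIE|REQUEST|FILES|SERVER|ENV|SESSION)|GLOBALS)\b")
# Bare extract( only: skips ->extract(, ::extract(, my_extract( and
# "function extract(" declarations. PHP function names ignore case.
CALL = re.compile(r"(?<![\w>:$])(?<!function )extract\s*\(", re.IGNORECASE)

def split_args(src, pos):
    """Return the top-level arguments of the call whose '(' ends at pos."""
    depth, args, cur = 1, [], []
    for ch in src[pos:]:
        if ch in "([":
            depth += 1
        elif ch in ")]":
            depth -= 1
            if depth == 0:
                break
        if ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    args.append("".join(cur).strip())
    return args

def audit(src):
    """Return (line, verdict, first_argument) for every extract() call."""
    findings = []
    for m in CALL.finditer(src):
        line = src.count("\n", 0, m.start()) + 1
        args = split_args(src, m.end())
        if SUPER.search(args[0]):
            verdict = "superglobal"        # request data becomes local variables
        elif len(args) < 2:
            verdict = "default-overwrite"  # no flag given: EXTR_OVERWRITE applies
        else:
            verdict = "explicit-flags"     # caller chose EXTR_SKIP, a prefix, etc.
        findings.append((line, verdict, args[0]))
    return findings

# Constructed PHP sample, not taken from the CakePHP core.
SAMPLE = """<?php
extract($options, EXTR_SKIP);
extract($this->settings);
$ids = Set::extract('/User/id', $rows);
extract($_REQUEST);
extract(array_merge($defaults, $_GET), EXTR_OVERWRITE);
"""
```
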
