On 26 December 2011 11:49, Andrew Heath <[email protected]> wrote:
> I was wondering if someone could explain to me the advantages of the
> SuperGlobal class, and why Request is evil (according to the 0.8 comments)?
The main advantage of the SuperGlobal class is that it automatically escapes user input from $_GET and $_POST, making it harder to introduce (a specific subset of) security problems. If it's absolutely necessary to access the unfiltered data, this can be done with the ->raw() method, which shouldn't be done unless there's a very good reason and the consequences are understood.

$_REQUEST is evil because it mashes together data from a variety of user-exposed sources (see http://php.net/manual/en/reserved.variables.request.php), and when you're reading data from users you really should be sure where it's coming from.

> Just a novice looking for some insight into Habari's logic...

I'm not an expert in regards to SuperGlobals, so someone else might want to expand or correct. (At this point I'll also raise the Habari History Flag and indicate that some core folks don't think overwriting SuperGlobals is necessarily the best way to achieve the above-stated advantages.)

-- 
Michael C. Harris
http://twofishcreative.com/michael/blog
IRC: michaeltwofish #habari
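As an added illustration of the two points in the reply above (this is not Habari's SuperGlobal code; the class name FilteredInput and everything except the raw() method are made up for the example), here is a minimal escape-on-read wrapper with an explicit raw() escape hatch, followed by a demonstration of why a merged $_REQUEST-style array loses track of where a value came from:

```php
<?php
// Hypothetical escape-on-read wrapper over ONE input source ($_GET or $_POST),
// modelled on the behaviour described in the mail, not on Habari's real class.
final class FilteredInput implements ArrayAccess
{
    public function __construct(private array $data) {}

    // Default read path: HTML-escaped, so echoing the value into a page is safe.
    public function offsetGet(mixed $key): ?string
    {
        if (!isset($this->data[$key]) || !is_string($this->data[$key])) {
            return null;
        }
        return htmlspecialchars($this->data[$key], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }

    // Unfiltered access is deliberate and named, so it stands out in code review.
    public function raw(string $key): mixed
    {
        return $this->data[$key] ?? null;
    }

    public function offsetExists(mixed $key): bool { return isset($this->data[$key]); }
    public function offsetSet(mixed $key, mixed $value): void
    {
        throw new LogicException('request input is read-only');
    }
    public function offsetUnset(mixed $key): void
    {
        throw new LogicException('request input is read-only');
    }
}

// Constructed sample request data; no real request is involved.
$get    = ['title' => '<b>hello</b>', 'action' => 'view'];
$post   = ['action' => 'delete'];
$cookie = ['action' => 'view'];

$getIn = new FilteredInput($get);
echo $getIn['title'], PHP_EOL;              // tag characters come back as entities
var_dump($getIn->raw('title'));             // original markup, only on explicit request

// A merged array like $_REQUEST hides provenance: the value you read depends on
// which source wins the merge (PHP decides that from request_order/variables_order).
$merged = array_merge($get, $post, $cookie);
echo $merged['action'], PHP_EOL;            // you cannot tell GET, POST or cookie apart

// Reading from the specific source keeps the intent explicit.
$postIn = new FilteredInput($post);
echo $postIn['action'], PHP_EOL;            // known to come from the POST body
```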
