At 5:41 PM -0400 7/19/07, Eric Butera wrote:
On 7/19/07, tedd <[EMAIL PROTECTED]> wrote:
But, Rasmus gave me this:

  $action = isset($_GET['action']) ? $_GET['action'] : null;

Since you're responding to someone else asking about such things where
there is the chance someone can just copy & paste...  There really
should be a whitelist against your actions.  This has the benefits of
making sure you know that your program is going to work as expected
whether or not a user is trying to be malicious or they copied the URL
incorrectly, etc.

This:
$action = isset($_GET['action']) ? $_GET['action'] : null;

Becomes:
$actions = array('one','two');
$action = (!empty($_GET['action']) AND in_array($_GET['action'], $actions))
   ? $_GET['action'] : null;

Eric:

Point well taken about asking a question in a question -- I'll try not to next time.

So, did Rasmus provide a problematic solution?

tedd


--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com
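Eric's allowlist carried one step further, as an added example that is not code from the thread: a dispatch table keyed by the permitted action names, with a type check first, because a request such as ?action[]=one makes $_GET['action'] an array rather than a string. The handler function names and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Added example, not from the mailing-list thread. Handler names are hypothetical.
declare(strict_types=1);

// Every permitted action maps to its handler; anything not listed is rejected.
const ACTIONS = [
    'one' => 'handleOne',
    'two' => 'handleTwo',
];

function handleOne(): string { return 'ran one'; }
function handleTwo(): string { return 'ran two'; }

/**
 * Return the validated action name, or null when the request carries no
 * usable one. Only string values that are exact keys of ACTIONS pass;
 * is_string() comes first because ?action[]=x yields an array in $_GET.
 */
function selectAction(array $query): ?string
{
    if (!isset($query['action']) || !is_string($query['action'])) {
        return null;
    }
    $candidate = $query['action'];
    return array_key_exists($candidate, ACTIONS) ? $candidate : null;
}

function dispatch(array $query): string
{
    $action = selectAction($query);
    if ($action === null) {
        // Unknown or missing action: fall back; never echo the raw input.
        return 'default page';
    }
    return call_user_func(ACTIONS[$action]);
}

// Constructed requests: two valid, one unlisted, one wrong case,
// one array form, one with no action at all.
$samples = [
    ['action' => 'one'],
    ['action' => 'two'],
    ['action' => 'three'],
    ['action' => 'ONE'],
    ['action' => ['one']],
    [],
];
foreach ($samples as $query) {
    echo dispatch($query), PHP_EOL;
}
```

Pass $_GET in place of the constructed $samples entries in a real request; the comparison is exact, so 'ONE' and any value not present as a key fall through to the default.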

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php