A question to core developers

2010-07-18 Thread Ma'moon
Dear CakePHP core developers, I have noticed that the extract function is being used in so many places all over the core files, more than 100, and as you know, the extract function is very dangerous to use according to the warning mentioned in the documentation page @ php.net/extract,

Re: A question to core developers

2010-07-18 Thread Graham Weldon
Extract is only ever used on settings and the like. While we do a lot to ensure the security and safety of the framework, we do not provide security for developers passing in globals and exposing potential security risks or issues. The core at no point will extract and override a global like

Re: A question to core developers

2010-07-18 Thread saidbakr
Hi, I need an example that demonstrates the security risk in a CakePHP application depends on extract!!! On Jul 19, 1:40 am, Graham Weldon predomin...@gmail.com wrote: Extract is only ever used on settings and the like. While we do a lot to ensure the security and safety of the framework, we

Re: A question to core developers

2010-07-18 Thread Ma'moon
Hello Graham, Thanks a lot for your kind answer. I was pretty sure that in no way are any globals being passed to extract inside Cake's core, I just wanted to make sure of that in order to show it to my paranoid client! Thanks again. Cheers, Ma'moon On Mon, Jul 19, 2010 at 2:30 AM,

A process question for core developers: how are fixes to 1.x.x.x ported to 1.2.x.x

2006-11-08 Thread Darian Anthony Patrick
...since 1.2.x.x. is sort of a moving target. In the case of bugs being found and fixed in 1.x.x.x after 1.2.x.x branched, how are you handling porting those fixes to 1.2.x.x in light of the fact that the pertinent code may have been refactored or

Re: A process question for core developers: how are fixes to 1.x.x.x ported to 1.2.x.x

2006-11-08 Thread Larry E. Masters aka PhpNut
1.2 has not been released. End of discussion -- /** * @author Larry E. Masters * @var string $userName * @param string $realName * @returns string aka PhpNut * @access public */