Lukas
I think injected services should have precedence over request
parameters because:
* on name collision you can always access request parameters by
using the request service
function showAction($doctrineManager, Request $request)
{
$requestName = $request->getRequestParameter('request');
// maybe implement ArrayAccess?
$requestName = $request['request'];
}
* request parameters aren't trusted and therefore should never
overwrite trusted variables
* passed arguments are only "shortcuts" to the "real" parameters
handled by (injected) services
* the developer should be able to use the request service instead of
passed arguments without keeping name collision in mind
i agree. but only in so much as that is the right approach if you do
accept these naming collissions. but i thinkwe shouldnt. this is
magic. this is wtf stuff. so i would say pick either one or the other.
or better yet pass the services to the constructor and the parameters
to the action method.
regards
Lukas
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
To unsubscribe from this group, send email to symfony-devs+unsubscribegooglegroups.com or
reply to this email with the words "REMOVE ME" as the subject.
