View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000320 | Main CAcert Website | website content | public | 2006-08-30 03:57 | 2016-02-11 23:35 |
Reporter | Sourcerer | Assigned To | felixd | ||
Priority | normal | Severity | tweak | Reproducibility | always |
Status | fix available | Resolution | open | ||
Product Version | 2006 | ||||
Summary | 0000320: Stop abusing $_REQUEST (and other special arrays) | ||||
Description | includes/account.php line1918 (the if($id==36) block) reads the data from the database, and stores the data in the PHP global array $_REQUEST: $_REQUEST['general'] = $row['general']; so that it can later be read from the $_REQUEST array in the pages/account/36.php: <? if($_REQUEST['general']) echo " checked"; This is an abuse of the $_REQUEST array, which might break in newer versions of PHP. (eg. it might not be writeable in the future anymore) | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
|
A command similar to: grep -r --color=auto "\$_\(REQUEST\|POST\|GET\)\(\[[^]]\+\]\)\+ \?= \?[^=]" pages www includes might help to determine the loctions. |
|
I pushed some patches (mainly the small files except includes/account.php) that stop writing to one of these variables here: https://github.com/yellowant/cacert-devel/tree/bug-320 |
Date Modified | Username | Field | Change |
---|---|---|---|
2006-08-30 03:57 | Sourcerer | New Issue | |
2013-01-07 15:23 | Werner Dworak | Status | new => needs work |
2014-06-15 09:23 | felixd | Note Added: 0004833 | |
2014-06-17 13:30 | felixd | Note Edited: 0004833 | |
2014-06-17 14:30 | felixd | Note Added: 0004845 | |
2016-02-11 23:35 | BenBE | Assigned To | => felixd |
2016-02-11 23:35 | BenBE | Status | needs work => fix available |
2016-02-11 23:35 | BenBE | Product Version | => 2006 |