View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000320 | Main CAcert Website | website content | public | 2006-08-30 03:57 | 2016-02-11 23:35 |
| Reporter | Sourcerer | Assigned To | felixd | ||
| Priority | normal | Severity | tweak | Reproducibility | always |
| Status | fix available | Resolution | open | ||
| Product Version | 2006 | ||||
| Summary | 0000320: Stop abusing $_REQUEST (and other special arrays) | ||||
| Description | includes/account.php line1918 (the if($id==36) block) reads the data from the database, and stores the data in the PHP global array $_REQUEST: $_REQUEST['general'] = $row['general']; so that it can later be read from the $_REQUEST array in the pages/account/36.php: <? if($_REQUEST['general']) echo " checked"; This is an abuse of the $_REQUEST array, which might break in newer versions of PHP. (eg. it might not be writeable in the future anymore) | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||
|
|
A command similar to: grep -r --color=auto "\$_\(REQUEST\|POST\|GET\)\(\[[^]]\+\]\)\+ \?= \?[^=]" pages www includes might help to determine the loctions. |
|
|
I pushed some patches (mainly the small files except includes/account.php) that stop writing to one of these variables here: https://github.com/yellowant/cacert-devel/tree/bug-320 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2006-08-30 03:57 | Sourcerer | New Issue | |
| 2013-01-07 15:23 | Werner Dworak | Status | new => needs work |
| 2014-06-15 09:23 | felixd | Note Added: 0004833 | |
| 2014-06-17 13:30 | felixd | Note Edited: 0004833 | |
| 2014-06-17 14:30 | felixd | Note Added: 0004845 | |
| 2016-02-11 23:35 | BenBE | Assigned To | => felixd |
| 2016-02-11 23:35 | BenBE | Status | needs work => fix available |
| 2016-02-11 23:35 | BenBE | Product Version | => 2006 |
