[geeklog-devel] [geeklog-cvs] Geeklog-1.x/system lib-webservices.php, 1.16, 1.17
Joe Mucchiello joe at ThrowingDice.com
Mon Nov 19 02:33:14 EST 2007
    
    
  
At 02:38 PM 11/18/2007, Dirk Haun wrote:
>Joe Mucchiello wrote:
>
> >I have a potentially stupid question but why are you parsing the
> >QUERY_STRING when you can just use the $_GET array to look at it?
>
>Because we also need to parse it in POST, PUT, and DELETE requests. For
>example, a story is POSTed to the URL /webservices/atom/?plugin=story

And regardless of which method is used, that URI will set the $_GET 
array with ("plugin" => "story") in it.

Currently, WS_dissectURI parses $_SERVER['QUERY_STRING'] explicitly 
and nothing else. PHP has already divided that string's variables 
into the $_GET array. Why are you doing it again? Also, your method 
doesn't call addslashes when magic quotes are on. But it will call 
stripslashes inside COM_applyFilter(). Not sure how dangerous that 
is, but I bet it will be the source of a very difficult bug to track down.

If you must do it again, there are built-in functions for it:

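function WS_dissectURI(&$args)
{
     global $WS_INTROSPECTION, $WS_PLUGIN;

     // Let PHP split the raw query string into an array of variables
     $args = array();
     parse_str($_SERVER['QUERY_STRING'], $args);

     // Run every value, including nested array values, through the input filter
     array_walk_recursive($args, function (&$v, $k) {
         $v = COM_applyFilter($v);
     });

     // array_key_exists() takes the key first, then the array
     if (array_key_exists('introspection', $args)) {
         $WS_INTROSPECTION = true;
     }
     if (array_key_exists('plugin', $args)) {
          $WS_PLUGIN = $args['plugin'];
     }
}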
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 
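
The escaping mismatch raised in the message above, as an added example that is not part of the original post and is not Geeklog code: a value escaped the way PHP escaped $_GET under magic quotes survives a stripslashes-based filter, while a value parsed straight from the query string does not. The names filter_value and split_query and the MAGIC_QUOTES_ON flag are hypothetical stand-ins (magic_quotes_gpc was removed in PHP 5.4, so it is simulated here), and the request is constructed.

```php
<?php
// Added illustration; every name here is hypothetical, not Geeklog code.

// Stand-in for magic_quotes_gpc = On (the setting was removed in PHP 5.4).
const MAGIC_QUOTES_ON = true;

// Stand-in for a filter that undoes magic-quotes escaping, which is what
// the post says COM_applyFilter() does via stripslashes().
function filter_value(string $v): string
{
    return MAGIC_QUOTES_ON ? stripslashes($v) : $v;
}

// Split a query string by hand. With $escape = true the values are escaped
// the way PHP escaped $_GET under magic quotes; with false they are only
// URL-decoded, like a parser that reads QUERY_STRING directly.
function split_query(string $qs, bool $escape): array
{
    $out = [];
    foreach (explode('&', $qs) as $pair) {
        if ($pair === '') {
            continue;
        }
        [$key, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $value = urldecode($value);
        $out[urldecode($key)] = $escape ? addslashes($value) : $value;
    }
    return $out;
}

// Constructed request: title decodes to C:\temp\notes
$qs = 'plugin=story&title=C%3A%5Ctemp%5Cnotes';

$viaGet    = array_map('filter_value', split_query($qs, MAGIC_QUOTES_ON));
$viaManual = array_map('filter_value', split_query($qs, false));

echo 'escaped then filtered: ', $viaGet['title'], PHP_EOL;
echo 'raw then filtered:     ', $viaManual['title'], PHP_EOL;
echo 'values match:          ', var_export($viaGet === $viaManual, true), PHP_EOL;
```

The escaped path round-trips to C:\temp\notes, while the hand-parsed path comes out as C:tempnotes because stripslashes removes backslashes that were never added as escapes.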
    
    