[Owncloud] regarding quality

Florian Rüchel florian.ruechel at gmail.com
Fri Jun 29 18:07:37 UTC 2012


Hello Frank,

concerning input sanitization, especially on forms:
Maybe you should take a look at available form frameworks or start coding
your own. Since I never did this on PHP (only WTForms for Python) I cannot
direct you to one.
You create a Form as a class, an XML file or any other representation and
it is able to render it to HTML code. You later pass it the transmitted
value and it will take on sanitization. This way it will always take care
that your data is filtered like it should be.

Furthermore, you might want to write some kind of request processor that
lets you retrieve data from $_GET, $_POST and so on but sanitizes it in a
nice way. Of course, then everyone will have to use this framework, but it
shouldn't be hard to fix and propose. Also, of course, provide a way to
explicitly state that you want unfiltered input, for example if it is
*desired* for someone to write HTML code.

Regards,
Florian

2012/6/29 Frank Karlitschek <frank at owncloud.org>

> Hi everybody,
>
>
> the main problem our users mention about ownCloud is the number of bugs we
> have. I think we have to be more careful in the future about code quality
> if we want that more users use our software to manage their important
> documents and data.
> We got a lot of bad press and feedback for ownCloud 4 and it took us
> several weeks to fix the major bugs in 4.0.4. We have to be way better in
> ownCloud 5.
>
> Robin, Thomas and others are working on automated unit tests. This will
> help us a bit in the future.
> But automated tests have only limited effectiveness in complex
> client/server/web environments like ours.
> So every developer is fully responsible for the bugs and security problems
> a commit might introduce. You can't rely on a unit test or a different
> developer or user to find and fix your stuff.
>
> A few important rules:
>
> - Test your code before commit!
> - Only backport important and fully tested bugfixes to stable4
> - Switch PHP notices on and have a look at the Apache error log regularly.
> - Test your code before commit!!
> - Do complex stuff in branches and only merge when fully working
> - Respect the coding guidelines http://owncloud.org/dev/contribute/
> - I suggest that developers run master so that we are sure that it is
> always usable.
> - Use JS debugger like Firebug to catch JS errors.
> - Test your code before commit!!
> - Always sanitize user data to prevent XSS or CSRF security problems.
> - Always write documentation for your classes/functions.
> - Test your code before commit!!!!
> - And please test your code before commit!
>
>
> Thanks a lot!
>
> Frank
>
>
> _______________________________________________
> Owncloud mailing list
> Owncloud at kde.org
> https://mail.kde.org/mailman/listinfo/owncloud
>
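The request processor Florian sketches above, as an added example in PHP (this is not ownCloud code and not Florian's): every accessor returns sanitized or validated data, and `raw()` is the single, explicit opt-out for the rare case where unfiltered input is actually wanted. The class name `Request`, the accessor names and the sample payload are all assumptions made for this illustration; the sample request array is constructed, not captured from any real ownCloud installation. It assumes PHP 8.0 or later.

```php
<?php
// Added example, not ownCloud's or the poster's code: a sanitizing request
// processor of the kind described above. All names here are hypothetical.
declare(strict_types=1);

final class Request
{
    /** @var array<string,mixed> */
    private array $params;

    /**
     * @param array<string,mixed> $params normally $_GET + $_POST; injected so the
     *                                    class can be tested without a web server
     */
    public function __construct(array $params)
    {
        $this->params = $params;
    }

    public static function fromGlobals(): self
    {
        // POST wins over GET on a key collision; adjust to the project's convention.
        return new self(array_merge($_GET, $_POST));
    }

    public function has(string $key): bool
    {
        return array_key_exists($key, $this->params);
    }

    /** Plain text: scalar only, C0 control characters (except TAB/LF/CR) removed. */
    public function text(string $key, string $default = ''): string
    {
        if (!$this->has($key) || !is_scalar($this->params[$key])) {
            return $default;
        }
        $value = (string) $this->params[$key];
        return preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $value) ?? $default;
    }

    /** Text escaped for insertion into an HTML body; escaping is context specific,
     *  so use this only where the value lands directly between HTML tags. */
    public function html(string $key, string $default = ''): string
    {
        return htmlspecialchars($this->text($key, $default), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /** Integer: anything that is not a canonical decimal integer yields the default. */
    public function int(string $key, ?int $default = null): ?int
    {
        if (!$this->has($key) || !is_scalar($this->params[$key])) {
            return $default;
        }
        $filtered = filter_var($this->params[$key], FILTER_VALIDATE_INT);
        return $filtered === false ? $default : $filtered;
    }

    /** Allow-list: the value must be one of the given options (sort order, mode, ...). */
    public function oneOf(string $key, array $allowed, string $default): string
    {
        $value = $this->has($key) ? $this->params[$key] : null;
        return is_string($value) && in_array($value, $allowed, true) ? $value : $default;
    }

    /**
     * Explicit opt-out: the caller states that it wants the unfiltered value and
     * takes responsibility for it, e.g. content the user is *supposed* to write as
     * HTML, which must then go through an HTML sanitizer before storage or display.
     */
    public function raw(string $key, mixed $default = null): mixed
    {
        return $this->has($key) ? $this->params[$key] : $default;
    }
}

// Constructed sample request (not real traffic): the kind of payload a tester
// would submit to a settings form.
$request = new Request([
    'displayname' => "<script>alert(1)</script>\x01Bob",
    'page'        => '12abc',
    'order'       => 'DESC; DROP TABLE oc_users',
    'body'        => '<b>bold</b>',
]);

echo $request->html('displayname'), "\n";
var_dump($request->int('page', 1));
echo $request->oneOf('order', ['ASC', 'DESC'], 'ASC'), "\n";
echo $request->raw('body'), "\n";
```

Two design points worth keeping in mind when adopting something like this: escaping belongs to the output context (HTML body, attribute, JavaScript, SQL), so `text()` only normalizes and the HTML escaping lives in a separate accessor rather than being baked into every string read; and because `raw()` is the only unfiltered path, a grep for `->raw(` gives reviewers a complete list of the places that need a closer look.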