[Owncloud] p() and print_unescaped(), documentation and general communication
Bernhard Posselt
nukeawhale at gmail.com
Sat Nov 10 14:53:16 UTC 2012
> btw, are there any special reasons for not replying to the mailing list? My intentions with the mail were mostly to spark a discussion about how the community works together, and I used some examples where the process is sub-optimal. I'm sorry if it seemed like I criticized your work - I have great appreciation for everything you've done.
I hit the wrong button in Thunderbird ;)
I think we just discussed so many things that we kinda forgot to create
documentation on things that were decided back then.
Maybe we should generate a newsblog entry to communicate all changes.
On 11/10/2012 03:39 PM, Thomas Tanghus wrote:
> On Saturday 10 November 2012 15:10 you wrote:
>> As for
>>
>> p() vs. print_unescaped()
>>
>> I've added those functions because the way assign works is unpredictable and
>> unsafe. In the future we will run scans on apps to check for echo and
>> similar problematic functions.
>>
>> The idea behind this is the following: atm we have to check every possible
>> php print statement to check for XSS problems. If you only use those two,
>> it's quite easy to check the few places where print_unescaped() is being
>> used.
> I didn't argue against the functions but against the redundancy, the decision
> process, and the lack of communication.
>
>> It's already in the docs how to use it btw, I suppose you got it from there
>> ;)
> Yes I did. Which also shows the same symptoms. By coincidence I noticed a new
> repository (before it was announced) where the use of it obviously hadn't been
> thought through.
>
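
The audit idea described in the quoted message (flag `echo` and similar output statements, then hand-review the few `print_unescaped()` calls) can be sketched as a small scanner. This is an added example, not part of the thread and not ownCloud's own tooling; `scan_template`, the finding labels and the sample template are constructed for illustration, and it assumes `p()` escapes its output.

```python
import re

# Constructed sample template, not taken from any ownCloud app.
SAMPLE_TEMPLATE = """<div class="name"><?php p($_['name']); ?></div>
<div class="bio"><?php echo $_['bio']; ?></div>
<?php print_unescaped($_['html_form']); ?>
<span><?= $_['title'] ?></span>
<?php // echo in a comment is ignored
print($_['footer']); ?>
"""

# A PHP block runs from "<?php" or "<?=" to "?>" (or end of file).
PHP_BLOCK = re.compile(r"<\?(php\b|=)(.*?)(\?>|\Z)", re.S)
# "//" comments end at a newline or at "?>"; "/* */" comments may span lines.
COMMENT = re.compile(r"//[^\n]*?(?=\?>|\n|\Z)|/\*.*?\*/", re.S)
# Output statements that bypass p(). "\b" keeps "print" from matching
# inside "print_unescaped", because "_" is a word character.
RAW_OUTPUT = re.compile(r"\b(echo|print|printf)\b")
# Deliberately unescaped output: allowed, but each call needs a manual look.
REVIEW = re.compile(r"\b(print_unescaped)\s*\(")


def _blank(match):
    """Replace a comment with spaces, keeping newlines so offsets stay valid."""
    return re.sub(r"[^\n]", " ", match.group())


def scan_template(source):
    """Return sorted (line, kind, token) findings for one template.

    Limitation: string literals are not parsed, so a keyword inside a
    quoted string is reported as well.
    """
    findings = []
    for block in PHP_BLOCK.finditer(source):
        if block.group(1) == "=":  # "<?=" is shorthand for echo
            line = source.count("\n", 0, block.start()) + 1
            findings.append((line, "raw-output", "<?="))
        code = COMMENT.sub(_blank, block.group(2))
        for pattern, kind in ((RAW_OUTPUT, "raw-output"), (REVIEW, "review")):
            for m in pattern.finditer(code):
                offset = block.start(2) + m.start()
                line = source.count("\n", 0, offset) + 1
                findings.append((line, kind, m.group(1)))
    return sorted(findings)


if __name__ == "__main__":
    for line, kind, token in scan_template(SAMPLE_TEMPLATE):
        print(f"line {line}: {kind}: {token}")
```
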