Shadab
Well-known member
Some suggestions:
(1) Don't use import_request_variables.
(2) You can remove the code that checks for PHP4; since XenForo itself has a minimum requirement of PHP 5.2.4
(3) Don't "clean" the $_GET and $_POST request variables. There's no definitive way of doing that. It would only give you a false sense of security. Filter input, escape output: is the recommended way of handling data. Input filtering is handled using the XenForo_Input class, while output is properly escaped when you use the template system.
Read Mike's post here:
http://xenforo.com/community/threads/sanitization-helper.7189/#post-101619
(4) Change your functions to not rely on globally set variables. Pass them all the data & objects that they really need, as parameters. Because when you include a file from inside a function, the variables are set in the scope of that function. So any other function which expects those variables to be set in global scope, instantly breaks.
(1) Don't use import_request_variables.
(2) You can remove the code that checks for PHP4; since XenForo itself has a minimum requirement of PHP 5.2.4
(3) Don't "clean" the $_GET and $_POST request variables. There's no definitive way of doing that. It would only give you a false sense of security. Filter input, escape output: is the recommended way of handling data. Input filtering is handled using the XenForo_Input class, while output is properly escaped when you use the template system.
Read Mike's post here:
http://xenforo.com/community/threads/sanitization-helper.7189/#post-101619
(4) Change your functions to not rely on globally set variables. Pass them all the data & objects that they really need, as parameters. Because when you include a file from inside a function, the variables are set in the scope of that function. So any other function which expects those variables to be set in global scope, instantly breaks.
