Forgot to hit reply-all.

---------- Forwarded message ----------
From: Jesse Becker <[EMAIL PROTECTED]>
Date: Dec 18, 2007 8:43 AM
Subject: Re: [Ganglia-developers] Patch: Minor cleanup for get_context.php
To: Carlo Marcelo Arenas Belon <[EMAIL PROTECTED]>


On Dec 18, 2007 1:54 AM, Carlo Marcelo Arenas Belon
<[EMAIL PROTECTED]> wrote:
> On Mon, Dec 17, 2007 at 10:34:19PM -0500, Jesse Becker wrote:
> > This is a minor patch for get_context.php.  It mostly cleans up the
> > large block of checks,  and also puts an isset() in front of all
> > variables used as array indexes.
>
> and is doing rawurldecode for several other variables (hc, sh, p, t, jr, js,
> w, z) that didn't have it before because of the use of a common function for
> all of them.

Actually, I don't think that there are any new rawurldecode() calls.
With the exception of adding an isset() call to check for $_GET["r"],
I tried to keep the logic identical.

>
> if that is ok and expected, why isn't the function doing the "isset" check and
> returning NULL if it returns false instead so that the code would be cleaner
> to read and all checks are done in a single place?

I considered this, actually, but it would require passing the entire
$_GET array to the function for each call to escape_decode.  I'm
sure there's some PHP-ish way to do this in a pass-by-reference way,
instead of pass by value.  This solution seemed a little cleaner.

On the other hand running the entire contents of $_GET through a check
routine is probably a good idea.  I'll look at reworking the patch to
do this properly.

> Carlo
>
> disclaimer: I didn't look at the functionality of the PHP page, only at the
> logic behind the script and the changes that were applied because it was
> touching the logic that was put in place recently for the XSS security fix and
> the changes didn't seem that minor considering line count and that there were
> not only made up syntactic changes as it seemed to be implied by the
> description.

Ah, I hadn't realized that this was some of the code touched by the XSS fix.

Speaking of that fix, was it rolled into trunk?  I'm looking at a diff
of 3.0.5 to 3.0.6 to trunk, and I don't see the various fixes from
3.0.6 in revision 911.

--
Jesse Becker
GPG Fingerprint -- BD00 7AA4 4483 AFCC 82D0  2720 0083 0931 9A2B 06A2
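
The single-place check discussed in the message above, as an added example that is not code from this thread or from Ganglia's get_context.php. The function names, the allow-list and the use of htmlspecialchars() as the escaping step are assumptions; the parameter names come from the thread and the sample values are constructed.

```php
<?php
/**
 * Fetch one request parameter with the presence check, the decode and the
 * output escaping done in one place (hypothetical helper).
 *
 * $source is taken by reference, as suggested in the thread. PHP only
 * copies an array when it is written to, so by-value would also work.
 * Returns NULL when the key is absent or not a scalar (e.g. ?hc[]=x).
 */
function get_clean_param(array &$source, $name)
{
    if (!isset($source[$name]) || !is_scalar($source[$name])) {
        return NULL;
    }
    // Same decode step the thread discusses, then neutralise HTML
    // metacharacters so the value can be echoed into a page.
    $value = rawurldecode((string) $source[$name]);
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/**
 * Run a whole request array through the same routine. Only names on the
 * allow-list are returned; any other key in $source is ignored.
 */
function get_clean_params(array &$source, array $allowed)
{
    $clean = array();
    foreach ($allowed as $name) {
        $clean[$name] = get_clean_param($source, $name);
    }
    return $clean;
}

// Constructed sample input standing in for $_GET.
$sample = array(
    'r'     => '<script>alert(1)</script>', // markup in a value
    'z'     => 'medium%20size',             // percent-encoded value
    'hc'    => array('unexpected'),         // array where a string is expected
    'bogus' => 'not on the allow-list',
);

// 'p' is on the allow-list but absent from the input, so it comes back NULL.
$params = get_clean_params($sample, array('r', 'z', 'hc', 'p'));
var_dump($params);
```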
