On 3/22/07, Matthew Weier O'Phinney <[EMAIL PROTECTED]> wrote:
Please remember that Zend_Controller_Request_* was built to help with routing and dispatching -- which is why getParam() pulls from a variety of sources (when determining how to route a request, the salient input could come from a variety of sources -- the path, query parameters, post parameters, etc.). It was never intended as a general-purpose object for input filtering -- that's a goal for a later iteration, which will still need to account for the variety of sources when dealing with routing.
That security considerations are not part of the initial implementation, but something added later in the process, is in and of itself worrisome. -- - Ed Finkler http://funkatron.com/
