Chris Shiflett wrote:

The idea that ignorance promotes security is fundamentally flawed.
Pádraic clearly understands the risks associated with this perspective.

In addition, this approach works against the HTTP spec, eroding the
important distinction between GET and POST requests.


That's a bit loaded :) I would consider the web in general to be the eroder of GET and POST as the current web browsers do not make it easy for developers to easily make truly RESTful applications for browsers. From my (albeit limited) knowledge, ZF is not RESTful and I am not sure if it's a goal.

Currently (across the web), we simulate PUT and DELETE by loading variables into our GET and POST, which, I can only imagine, is one reason why you might see Get/Post variables accessible via the get/setParam utilities... so that we can further simulate a RESTful architecture via a modern browser which so easily implements GET/POST.

On the subject of Filtering, I did like the previous method of pulling directly from source: $input = new Zend_Filter_Input($_POST/$_GET)... But I am interested to see what the future plans have in store for us.

But, then again, I haven't written an HTTP Developers Handbook ;)

-ralph
