I wouldn't worry about losing your place, seeing how you know there is an
extract it's easy to determine where variables are being created. However,
I'd be worried about the security when we use extract() of handler_vars.
Users could easily post parameters such as _POST and have it be replaced
(seeing how we use handler_vars this isn't a major security risk), but if
you attempted to use _SESSION it might pose a more serious threat.

On Tue, Feb 10, 2009 at 9:52 PM, Arthus Erea <[email protected]> wrote:

> I agree.
> The use of extract() has always puzzled me. It makes it harder to know what
> we're dealing with.
>
> I'd throw in a beheading for good measure...
>
> On Feb 10, 2009, at 9:49 PM, Chris Meller wrote:
>
> It's done this way because someone did it once and no one ever slapped them
> hard enough.
>
> extract() is obviously the way to generate variables in the local scope for
> themes. Any other usage should get you shot. If you're extract()'ing
> submitted data (like handler_vars), you should get shot and stabbed.
>
> On Tue, Feb 10, 2009 at 9:45 PM, Michael Harris <[email protected]> wrote:
>
>>
>> We use extract() in several places in Habari, which at the least makes
>> the code difficult to follow. I think it's legitimate in the theme
>> engines, but is there any reason it's used in Comments::get(),
>> EventLog::get(), Theme::act_display(), and Users::get() ? Don't we
>> know what's possible to be passed, and can therefore get them directly
>> from the array ? Yes, it's a bit more code, but it would be clearer.
>>
>> This is a genuine question, and I'd be more than happy for someone to
>> tell me "It's done this way because ..." and learn something.
>>
>> --
>> Michael C. Harris, School of CS&IT, RMIT University
>> http://twofishcreative.com/michael/blog
>> IRC: michaeltwofish #habari
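An added illustration of the two points made in this thread, the overwrite risk of calling extract() on submitted data and the "get them directly from the array" alternative. This is example code written for this page, not code from Habari or from anyone in the thread; the function names, the local variables $is_admin and $limit, and the $handler_vars sample request are all constructed.

```php
<?php
// Added example (not Habari's own code). $handler_vars is a constructed
// stand-in for the request parameters Habari passes to handlers; $is_admin
// and $limit are hypothetical locals a handler might rely on.

// Unsafe: extract() with its default EXTR_OVERWRITE lets any submitted key
// replace a local variable the handler has already decided on.
function show_comments_unsafe(array $handler_vars): string
{
    $is_admin = false;      // decided by the application, not by the request
    $limit = 10;

    extract($handler_vars); // a submitted 'is_admin' key now overwrites $is_admin

    return sprintf('is_admin=%s limit=%d', var_export($is_admin, true), $limit);
}

// Safe: read only the keys the handler knows about, straight from the array,
// with validation and a default. Unexpected keys never become variables.
function show_comments_safe(array $handler_vars): string
{
    $is_admin = false;
    $limit = isset($handler_vars['limit'])
        ? max(1, min(100, (int) $handler_vars['limit']))
        : 10;

    return sprintf('is_admin=%s limit=%d', var_export($is_admin, true), $limit);
}

// Middle ground: EXTR_SKIP refuses to overwrite variables that already exist,
// so locals set before the call are protected. Keys not already defined are
// still created, so this only narrows the problem rather than removing it.
function show_comments_skip(array $handler_vars): string
{
    $is_admin = false;
    $limit = 10;

    extract($handler_vars, EXTR_SKIP); // existing $is_admin and $limit are kept

    return sprintf('is_admin=%s limit=%d', var_export($is_admin, true), $limit);
}

// Constructed request: the client sends the expected 'limit' and also an
// 'is_admin' key the handler never meant to accept.
$handler_vars = ['limit' => '5', 'is_admin' => '1'];

echo show_comments_unsafe($handler_vars), "\n";
echo show_comments_safe($handler_vars), "\n";
echo show_comments_skip($handler_vars), "\n";
```

Running the script shows the unsafe variant reporting the request's is_admin value while the explicit-array variant ignores it entirely; the EXTR_SKIP variant also keeps is_admin false but, because it skips the submitted limit too, falls back to the default of 10. Reading the known keys directly, as the original question suggests, is the only one of the three that both preserves the locals and still honours the parameters the handler actually expects.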