Gaetano Giunta wrote: > Hugo Sandoval wrote: >> Thank you very much for the information. >> The project has been published in English and Spanish. Please, if you can, >> check it and comment if there is errors or something more that can be >> improved. >> I.E. Maybe you can think: Who needs two .tar.gz files, one in English and one >> in Spanish? Or, Why there is no .zip archive for download? > > 1. you should not add new parameters in existing ini files (eg. site.ini). > Please create awisits.ini or a similarly named new file for your extension's > settings > > 2. better name your classes and other things in php / tpl code in english if > you can (why 'leer' in fetch function name ?) > > 3. allowing the fetch function to execute any php command that is sent by the > template is imho a big security risk. It is true that it is up to the tpl > developer to create the templates, but what if he pipes in his command a > variable that is gotten from user input? Hacker might try to read /etc/passwd > with > this, or do much worse... > > 4. why include css if you do not include a template that uses them?
ps: 1b. Why use the new ini settings if you do not have a telmplate that reads them? You could simply read the ini file inside the fetch functions, and make your template esaier 5. just looked at the spanish version. Having parameters with different names depending on the language is not considered a good idea > Sorry if this sounds too harsh - I do not want to discourage you, but rather > the opposite. Welcome to the community, and please do continue contributing. > > Bye > Gaetano > >> On Jueves, 3 de Febrero de 2011 10:50:28 Nicolas Pastorino escribió: >>> Hi Hugo, and Bertrand :) >>> >> > -- Sdk-public mailing list [email protected] http://lists.ez.no/mailman/listinfo/sdk-public
