Ticket #989 (closed enhancement: fixed)

Opened 2 years ago

Last modified 15 months ago

Remove redundant isset checks when using Wakka::GetSafeVar

Reported by: GeorgePetsagourakis Owned by: BrianKoontz
Priority: normal Milestone: 1.3.1
Component: unspecified Version: 1.3
Severity: normal Keywords:
Cc:

Description (last modified by BrianKoontz) (diff)

Many times through the code the developer witnesses:

if (isset($_POST['action']) && ($this->GetSafeVar('action', 'post') == 'updatepass'))

All those should turn into:

if ($this->GetSafeVar('action', 'post') == 'updatepass')

Since GetSafeVar is checking for the isset.

Related tickets

  • #995 Remove redundant isset checks in Wakka::GetSafeVar()

Change History

  Changed 23 months ago by BrianKoontz

  • owner changed from unassigned to BrianKoontz
  • status changed from new to assigned

  Changed 23 months ago by BrianKoontz

  • status changed from assigned to testing

  Changed 23 months ago by BrianKoontz

(In [1672]). Replaced raw references to $_POST/$_GET with GetSafeVar() calls where applicable. Refs. #989.

I've done a cursory check on each affected action/handler, but this ticket could use some extra vetting...

  Changed 23 months ago by KrzysztofTrybowski

What is more, if GetSafeVar would accept a third parameter — a default value (instead of NULL), then we could also simplify things like: 

$sort = DEFAULT_SORT_ROUTINE;
		
if (isset($_GET['sort']))
{
	$sort = $this->GetSafeVar('sort', 'get');
}

and we could replace it with: 

$sort = $this->GetSafeVar('sort', 'get', DEFAULT_SORT_ROUTINE);

How's that?

follow-up: ↓ 6   Changed 23 months ago by BrianKoontz

This interface change would be best in a new enhancement ticket for milestone 1.4...

in reply to: ↑ 5   Changed 23 months ago by GeorgePetsagourakis

Replying to BrianKoontz:

This interface change would be best in a new enhancement ticket for milestone 1.4...

In fact the implementation of the function is easy: 

function GetSafeVar($varname, $gpc='get', $default=NULL)
{
    if($gpc == 'get' || $gpc == 'post' || $gpc=='cookie')
    {
        $gpc = strtoupper('_'.$gpc);
        global $$gpc;
        return (isset(${$gpc}[$varname])) ? $this->htmlspecialchars_ent(${$gpc}[$varname]) : $default;
    }
    return $default;
}

  Changed 23 months ago by BrianKoontz

George, I'm aware of how to make the change. There are probably a thousand "easy" fixes that can be made to the codebase for the 1.3 release. The problem is that each "easy" fix adds up timewise, and also increases the potential for breaking something. In addition, I never view interface changes to the Wakka.lib.php functions as "easy" or "trivial," because complacency in this regard can lead to unforeseen problems down the road.

Thanks for the code...I can assure you that if it's put into a 1.4 ticket, it will be reviewed again at that time. If it remains in this ticket, there are no guarantees I will remember that it's here.

  Changed 23 months ago by BrianKoontz

  • description modified (diff)

  Changed 23 months ago by BrianKoontz

(In [1686]) The body of the page cannot be read using GetSafeVar() (otherwise, important markup characters will be converted to HTML entities and not be processed by the formatter). This is OK, as the formatter will sanitize the output after processing the markup. Refs #989.

  Changed 23 months ago by DotMG

(In [1710]) refs #989 : little correction for [1672]

  Changed 23 months ago by DotMG

(In [1711]) refs #989 : little enhancement for [1672]

  Changed 22 months ago by BrianKoontz

  • status changed from testing to commit

  Changed 22 months ago by BrianKoontz

  • status changed from commit to closed
  • resolution set to fixed

  Changed 15 months ago by BrianKoontz

  • milestone changed from 1.3 to 1.3.1

Changed milestone to 1.3.1

Note: See TracTickets for help on using tickets.