Posting process (function submit_post)

The 2.0.x discussion forum has been locked; this will remain read-only. The 3.0.x discussion forum has been renamed phpBB Discussion.
Locked
User avatar
Hater
Registered User
Posts: 570
Joined: Tue May 06, 2003 8:56 pm
Location: Wisconsin
Contact:

Posting process (function submit_post)

Post by Hater »

Is it fair to ask why this function is so large, and why the contents of the post form were not just placed in a nice little expandable array? I am thinking of cleaning this code up a bit and customizing the posting.php file quite extensively, and am curious if there are any security reprecussions from cleaning this rather than having each criteria specifically noted.
geocator
Registered User
Posts: 16242
Joined: Fri Jan 09, 2004 11:56 pm
Location: On dry land
Contact:

Post by geocator »

Do you mean the passing of the information or the processing of it?
User avatar
Hater
Registered User
Posts: 570
Joined: Tue May 06, 2003 8:56 pm
Location: Wisconsin
Contact:

Post by Hater »

I imagine processing it is a simple matter of chugging through an array, like any other array, and making sure each criteria matches its respective counterpart.

Does passing an array from a form to the platform propose any security risks or side effects that passing each parameter does not?

For example

Code: Select all

$post_data = array(
    'post_subject' => $post_data['post_subject'],
    'post_message' => $post_data['post_message'],
    'post_disable_bbcode' => $post_data['post_disable_bbcode'],
    etc, etc.....
);
Then change the submit_post function from having each of those criteria seperated into one large array of data to be sorted out by the function later.
geocator
Registered User
Posts: 16242
Joined: Fri Jan 09, 2004 11:56 pm
Location: On dry land
Contact:

Post by geocator »

I am not a security expert by any means, but I see no problem with chnging the way stuff if passed to functions.
User avatar
Hater
Registered User
Posts: 570
Joined: Tue May 06, 2003 8:56 pm
Location: Wisconsin
Contact:

Post by Hater »

geocator wrote: I am not a security expert by any means, but I see no problem with chnging the way stuff if passed to functions.

Neither do I, but I was just curious. :)
Locked

Return to “2.0.x Discussion”