On Tue, 01 Jul 2014 at 18:37:46, Florian Pritz wrote:
[...] I understand this is copied from pkg_search_page() in web/lib/pkgfuncs.inc.php, but now would be a good time to clean it up (in both places). Especially the usage of $_GET rather than a local variable should go away.
Introduce something like input_get($field_name, $default = false); which would check if the value is set and, if it is, return it; otherwise return the default.
I prepared several patches to improve GET parameter handling and permission handling but I am not going to merge them before the 3.2.0 release.
+ $_GET['O'] = intval($_GET['O']); + if ($_GET['O'] < 0) + $_GET['O'] = 0;
$value = max(intval($value), 0);
+ } else { + $_GET['O'] = 0; + } + + + if (isset($_GET["PP"])) { + $_GET["PP"] = intval($_GET["PP"]); + if ($_GET["PP"] < 50) + $_GET["PP"] = 50; + else if ($_GET["PP"] > 250) + $_GET["PP"] = 250;
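Review bot: in the PP clamp the limits 50 and 250 are hard-coded, and the key is written $_GET["PP"] while the offset check uses $_GET['O']; name the two limits as constants and settle on one quoting style. Both checks also rely on braceless if / else if bodies, and intval() applied to an array value (a request such as ?PP[]=1) yields 1 instead of rejecting the input, so a type check before the cast would make the handling of malformed parameters explicit.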
# Source: http://at2.php.net/manual/en/function.min.php#81302
function bound($x, $min, $max) {
    return min(max($x, $min), $max);
}
[...]
Thanks, I will send a patch to simplify these two checks (the patch series has already been merged into master, so it is too late to amend).
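
The input_get() helper and the two clamps discussed in this thread, as an added example that is not part of the original messages or of the project's code. The $source parameter, the input_get_int() wrapper and the default of 50 for an unset PP are assumptions made for illustration.

```php
<?php
// Added example, not the project's code. input_get() follows the idea
// suggested in the thread; the $source argument and input_get_int() are
// hypothetical additions so the helpers never touch $_GET directly.

/** Return $source[$name] if it is set and a plain string, else $default. */
function input_get(array $source, $name, $default = false) {
    // PHP parses "?O[]=1" into an array; treat anything but a string as absent.
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return $default;
    }
    return $source[$name];
}

/** Clamp $x to [$min, $max], as in the bound() helper quoted in the thread. */
function bound($x, $min, $max) {
    return min(max($x, $min), $max);
}

/** Read an integer parameter into a local value and clamp it. */
function input_get_int(array $source, $name, $default, $min, $max) {
    $raw = input_get($source, $name, false);
    if ($raw === false) {
        return $default;
    }
    return bound(intval($raw), $min, $max);
}

// Constructed sample queries: a negative offset with an oversized page size,
// and an array-valued offset with no page size at all.
$queries = array(
    array('O' => '-20', 'PP' => '9999'),
    array('O' => array('1')),
);

foreach ($queries as $query) {
    // In a page handler, $query would be $_GET; the results stay local.
    $offset   = input_get_int($query, 'O', 0, 0, PHP_INT_MAX);
    $per_page = input_get_int($query, 'PP', 50, 50, 250); // default 50 is assumed
    var_dump($offset, $per_page);
}
```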