9 Jan
2006
9 Jan
'06
7:30 a.m.
Sjon wrote:
To improve support for custom addons to RC I propose to move the current action-to-file-mapping (currently starting on index.php:214) to the actual action-directory. This allows for a customization to contain only a directory in '/program/steps/'. I see two possible options:
- create a file 'mappings.inc' containing the exact switches that are
currently in the index.php
I like this option more.
- validate a action by looking up the existence of
'/program/steps/$_task/$_action.inc'
I don't like direct access to script files from URL parameters without any checks. This is one of the most popular security issues on many web applications.
I think the second option is best. Comments?
Regards, Sjon
Regards, Thomas