  1. Plugins
  2. CONTRIB-4144 META: Code checker 1Q 2014 round
  3. CONTRIB-4146

Prohibit use of extract() and other dangerous functions

    • Sub-task
    • Resolution: Fixed
    • Minor
    • 2.5.7
    • 2.3.4, 2.4.1, 2.5
    • Local: Code checker
    • None
    • MOODLE_23_STABLE, MOODLE_24_STABLE, MOODLE_25_STABLE
    • MOODLE_25_STABLE

      Fred asked me my opinion about it, and I really think it's way too magic and bad for security (can't see the source of a variable):

      The PHP manual shows it like this:

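      <?php
      // $size is already defined before extract() runs.
      $size = "large";
      $var_array = array("color" => "blue",
                         "size"  => "medium",
                         "shape" => "sphere");
      // EXTR_PREFIX_SAME: a key that collides with an existing variable is
      // imported under the prefix instead, so "size" becomes $wddx_size.
      extract($var_array, EXTR_PREFIX_SAME, "wddx");

      // $color, $shape and $wddx_size appear here without any visible assignment.
      echo "$color, $size, $shape, $wddx_size\n";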
      

      Note: This requires documentation @ http://docs.moodle.org/dev/Coding_style#Dangerous_functions_and_constructs
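
      A token-based check for the call this issue prohibits, as an added example that is not part of the original issue or of Moodle's code checker. The names find_banned_calls and BANNED_FUNCTIONS and the sample source are constructed for illustration.

```php
<?php
// Added example, not Moodle's code checker. Reports calls to deny-listed
// functions by walking PHP tokens rather than grepping text.

// Assumption: extract() is the only name taken from the issue; extend as needed.
const BANNED_FUNCTIONS = ['extract'];

function find_banned_calls(string $source, array $banned = BANNED_FUNCTIONS): array {
    // Drop whitespace and comments so each token's neighbours are significant.
    $tokens = array_values(array_filter(token_get_all($source), function ($t) {
        return !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true);
    }));
    $hits = [];
    foreach ($tokens as $i => $tok) {
        // Identifiers are T_STRING; PHP 8 lexes "\extract" as one qualified-name token.
        if (!is_array($tok) || !in_array(token_name($tok[0]), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)) {
            continue;
        }
        $name = strtolower(ltrim($tok[1], '\\'));  // function names are case-insensitive
        if (!in_array($name, $banned, true) || ($tokens[$i + 1] ?? null) !== '(') {
            continue;
        }
        // Skip method calls, static calls, "new X(" and "function X(" declarations.
        $prev = $tokens[$i - 1] ?? '';
        $prevtext = strtolower(is_array($prev) ? $prev[1] : $prev);
        if (in_array($prevtext, ['->', '?->', '::', 'new', 'function'], true)) {
            continue;
        }
        $hits[] = ['line' => $tok[2], 'function' => $name];
    }
    return $hits;
}

// Constructed sample source covering the cases the tokenizer has to tell apart.
$sample = <<<'PHP'
<?php
// extract() mentioned in a comment
$msg = "extract(this) is only a string";
$form->extract($data);          // method named extract, not the built-in
Extract($params);               // built-in, different case
\extract($config, EXTR_SKIP);   // built-in, fully qualified
PHP;

foreach (find_banned_calls($sample) as $hit) {
    printf("line %d: %s() is prohibited\n", $hit['line'], $hit['function']);
}
```

      Working on tokens instead of a regular expression is what keeps the comment, the string literal and the method call out of the report.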

            stronk7 Eloy Lafuente (stronk7)
            poltawski Dan Poltawski