  1. Plugins
  2. CONTRIB-4144 META: Code checker 1Q 2014 round
  3. CONTRIB-4146

Prohibit use of extract() and other dangerous functions

    Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3.4, 2.4.1, 2.5
    • Fix Version/s: 2.5.7
    • Component/s: Local: Code checker
    • Labels:
      None
    • Affected Branches:
      MOODLE_23_STABLE, MOODLE_24_STABLE, MOODLE_25_STABLE
    • Fixed Branches:
      MOODLE_25_STABLE

      Description

      Fred asked me my opinion about it, and I really think it's way too magic and bad for security (can't see the source of a variable):

      The PHP manual shows it like this:

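      <?php
      // $size already exists in the current scope before extract() runs.
      $size = "large";
      $var_array = array("color" => "blue",
                         "size"  => "medium",
                         "shape" => "sphere");
      // EXTR_PREFIX_SAME: on a name collision, create $wddx_size instead of
      // overwriting $size. $color and $shape appear with no visible assignment.
      extract($var_array, EXTR_PREFIX_SAME, "wddx");

      // Prints: blue, large, sphere, medium
      echo "$color, $size, $shape, $wddx_size\n";
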

      Note: This requires documentation @ http://docs.moodle.org/dev/Coding_style#Dangerous_functions_and_constructs
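
One way a checker can enforce the prohibition discussed in this issue, as an added example that is not part of the original report or of the Moodle code checker: it walks PHP's token stream so that only direct calls to extract() are reported, not comments, strings or methods of the same name. The function name find_banned_calls() and the sample source are constructed here, and PHP 8.0 or later is assumed.

```php
<?php
// Added example, not the Moodle code checker's own implementation.
// find_banned_calls() and the sample source are constructed for illustration.
// Assumes PHP 8.0+ (T_NAME_FULLY_QUALIFIED, T_NULLSAFE_OBJECT_OPERATOR).

function find_banned_calls(string $source, array $banned = ['extract']): array
{
    // Keep only significant tokens so "previous" and "next" are meaningful.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));

    // A name preceded by one of these is a method, a declaration or a class.
    $notacall = [T_OBJECT_OPERATOR, T_NULLSAFE_OBJECT_OPERATOR,
                 T_DOUBLE_COLON, T_FUNCTION, T_NEW];
    $hits = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || !in_array($tok[0], [T_STRING, T_NAME_FULLY_QUALIFIED], true)) {
            continue;
        }
        $name = strtolower(ltrim($tok[1], '\\'));   // function names are case-insensitive
        $prev = $tokens[$i - 1] ?? null;
        $next = $tokens[$i + 1] ?? null;
        if (in_array($name, $banned, true) && $next === '('
                && !(is_array($prev) && in_array($prev[0], $notacall, true))) {
            $hits[] = ['line' => $tok[2], 'function' => $name];
        }
    }
    return $hits;
}

// Constructed sample input mixing direct calls with look-alikes.
$sample = <<<'SRC'
<?php
// extract($_POST); inside a comment
$msg = "extract() inside a string";
$archive->extract('/tmp/out');
extract($var_array, EXTR_PREFIX_SAME, "wddx");
\extract($data);
SRC;

foreach (find_banned_calls($sample) as $hit) {
    echo "line {$hit['line']}: {$hit['function']}() is prohibited\n";
}
```

Other function names can be passed in the second argument to cover the "other dangerous functions" part of the issue title.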

              People

              Assignee:
              stronk7 Eloy Lafuente (stronk7)
              Reporter:
              poltawski Dan Poltawski
              Participants:
              Component watchers:
              moodle.com, Eloy Lafuente (stronk7)
              Votes:
              2
              Watchers:
              7

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                14/Jul/14