This Bugzilla instance is a read-only archive of historic NetBeans bug reports. To report a bug in NetBeans please follow the project's instructions for reporting issues.
Summary: | INPUT_REQUEST not implemented yet - but hint on direct usage of $_REQUEST | ||
---|---|---|---|
Product: | php | Reporter: | minecrawlerx |
Component: | Editor | Assignee: | Ondrej Brejla <obrejla> |
Status: | NEW --- | ||
Severity: | normal | ||
Priority: | P4 | ||
Version: | 7.4 | ||
Hardware: | All | ||
OS: | All | ||
Issue Type: | DEFECT | Exception Reporter: |
Description
minecrawlerx
2014-01-04 22:08:19 UTC
Your code doesn't have a problem just with the $_REQUEST, if I rename it to $_POST hint appears too. I have to look at it. isset() function isn't in our list of validator/filtering functions. It doesn't validates anything, just if "key exists". I can add it but it doesn't say anything about the value of the item - if it's integer, float, or if it's filtered (escaped) etc. It just say that the key exists. And it's not a purpose of this hint. It tries to force you to "be ensure" that the data from that item will be in a form you want - escaped or at least in some proper type. So for me this is invalid, but I'll leave it as P4 and will think about it some day again. Thanks. Well, with isset you do get a proper type which even cannot be malicious. You get a boolean! I often just need to know, if a variable is set (and I don't even care about the value). This situation should not trigger a hint. Also functions that implement INPUT_REQUEST should not give errors Try for instance $REQUEST = filter_var_array($_REQUEST, $filters); and $_REQUEST will give the hint. But actually I am filtering it in this particular line. |