* Bryan Tong Minh bryan.tongminh@gmail.com [Wed, 3 Nov 2010 11:22:26 +0100]:
On Wed, Nov 3, 2010 at 11:14 AM, Dmitriy Sintsov questpc@rambler.ru wrote:
In ideal world, there probably should be no direct access to $_FILES[] and
usage
of is_uploaded_file(), but all of these calls should be encapsulated into WebRequest class, imo.
As off r70037 and follow-ups, this has been possible.
Ah, I didn't knew that. The customers still mostly run 1.15.x so I am not checking the trunk very often. I should take a look at that new class. Btw, I don't see is_uploaded_file() check against "$_FILES[] injection" in the code, is that secure? Or, perhaps it already was somewhere else. But, FauxRequest would not require it, of course. Dmitriy