On Wed, 30 Apr 2003, Lee Daniel Crocker wrote:
The wiki uses a number of non-standard options...
Actually, register_globals is the only thing you have to change in php.ini to get the wiki running.
You also need iconv support compiled in, although for a latin-1-only wiki that doesn't need to interact with incoming and outgoing links in UTF-8 it _probably_ won't get triggered.
Sure, if you use *uninitialized* global variables and assume they can only have trusted values. Don't do that. :)
Hopefully. I'm not that confident that either we don't do that, or that future coders won't do that, so I think avoiding the problem by coding so that register_globals isn't needed is a good idea.
Yup. Like overflowing your buffers: nobody does it on _purpose_. :)
In SearchEngine.php, I used $_REQUEST[], because I don't really care whether the variables come from a GET or a POST.
Oh hey, I learn something new every day. :)
-- brion vibber (brion @ pobox.com)