Agh noooo.... don't base ideas off that crap-coded system!
Last time I checked, phpBB was still using raw SQL statements, and instead of properly escaping with a clean system like MediaWiki currently does, they used a method for getting request values which would typecast the value into the same type as the default value. Agh, to be quite honest, the fact that they don't even bother escaping, and only rely on typecasting most of the input into numbers, is probably the reason why phpBB ends up with so many security issues.
~Daniel Friesen (Dantman, Nadir-Seen-Fire)
~Profile/Portfolio: http://nadir-seen-fire.com
-The Nadir-Point Group (http://nadir-point.com)
--Its Wiki-Tools subgroup (http://wiki-tools.com)
--The ElectronicMe project (http://electronic-me.org)
-Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
--Animepedia (http://anime.wikia.com)
--Narutopedia (http://naruto.wikia.com)

Aryeh Gregor wrote:
> On Wed, Dec 24, 2008 at 3:17 AM, Nikola Smolenski smolensk@eunet.yu wrote:
>> No, that would be a very bad solution. It would require that everyone who works on MediaWiki has to learn that domain-specific language, which would result in less people being able to work on MediaWiki.
>
> This is not inherently different from people having to learn what MediaWiki classes and so on do. If it's a well-designed language, it will be as easy for people to pick up as alternative ways of writing the same info.
>
> The first step absolutely must be to look at what other open-source products in our situation are doing, though. If we can take the entire system wholesale from phpBB, say, then there's no reason for us to reinvent the wheel.