Agh noooo.... don't base ideas off that crap coded system!
Last time I checked, phpBB was still using raw SQL statements, and
instead of properly escaping with a clean system like MediaWiki
currently is, they used a method for getting request values which would
typecast the value into the same type as the default value. Agh, to be
quite honest, the fact that they don't even bother escaping, and only on
typecasting most of the input into numbers, is probably the reason why
phpBB ends up with so many security issues.
~Daniel Friesen (Dantman, Nadir-Seen-Fire)
~Profile/Portfolio: http://nadir-seen-fire.com
-The Nadir-Point Group (http://nadir-point.com)
--Its Wiki-Tools subgroup (http://wiki-tools.com)
--The ElectronicMe project (http://electronic-me.org)
-Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG)
--Animepedia (http://anime.wikia.com)
--Narutopedia (http://naruto.wikia.com)
Aryeh Gregor wrote:
> On Wed, Dec 24, 2008 at 3:17 AM, Nikola Smolenski
> <smolensk(a)eunet.yu> wrote:
>> No, that would be a very bad solution. It would require that everyone
>> who works on MediaWiki has to learn that domain-specific language, which
>> would result in less people being able to work on MediaWiki.
>
> This is not inherently different from people having to learn what
> MediaWiki classes and so on do. If it's a well-designed language, it
> will be as easy for people to pick up as alternative ways of writing
> the same info.
>
> The first step absolutely must be to look at what other open-source
> products in our situation are doing, though. If we can take the
> entire system wholesale from phpBB, say, then there's no reason for us
> to reinvent the wheel.
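
The contrast drawn at the top of this message, typecasting request values versus escaping them, is sketched below as an added example; it is not code from phpBB, MediaWiki, or anyone in this thread. Python and SQLite stand in for PHP and the forum's database, and `request_var`, `lookup_concat`, `lookup_bound` and the sample data are hypothetical names constructed for illustration.

```python
import sqlite3

def request_var(params, name, default):
    """Hypothetical getter: cast the raw value to the type of `default`."""
    raw = params.get(name)
    if raw is None:
        return default
    try:
        return type(default)(raw)
    except (TypeError, ValueError):
        return default

def make_db():
    # Constructed sample data, in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob")])
    return db

def lookup_concat(db, params):
    # Raw SQL built by concatenation, relying on the cast alone.
    uid = request_var(params, "id", 0)      # the int cast neutralises this field
    name = request_var(params, "name", "")  # a str cast changes nothing
    sql = f"SELECT name FROM users WHERE id = {uid} OR name = '{name}'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, params):
    # Same lookup with bound parameters: values never become SQL syntax.
    uid = request_var(params, "id", 0)
    name = request_var(params, "name", "")
    sql = "SELECT name FROM users WHERE id = ? OR name = ?"
    return [row[0] for row in db.execute(sql, (uid, name))]

# Constructed requests: one ordinary, one carrying SQL syntax in both fields.
BENIGN = {"id": "2", "name": "nobody"}
CRAFTED = {"id": "1 OR 1=1", "name": "x' OR '1'='1"}

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("crafted", CRAFTED)):
        db = make_db()
        print(label, "concat:", lookup_concat(db, req),
              "bound:", lookup_bound(db, req))
```

The cast protects the numeric field only; the string field passes through unchanged, so the concatenated query returns every row for the crafted request while the bound query returns none.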