vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
#1  09-04-2005, 02:03 AM
Guest190829 (Guest)
Is this function good?

Here's my edit_comment function, is it good? It's coded in OOP, though I've kind of lost my understanding of it, so I'm going to have to read up on it again. That's why I'm posting this, and also to check whether it meets 3.5 syntax standards correctly, and whether it's secure. This way, I can fix all my mistakes in the previous functions I wrote. Any comments are greatly appreciated.

PHP Code:
function edit_comment() // edit comment
{
    global $id, $vbulletin;

    // comment id comes from the query string; TYPE_UINT forces an unsigned integer
    $this->id = $vbulletin->input->clean_gpc('g', 'commentid', TYPE_UINT);

    $getcomment = $vbulletin->db->query_first("
        SELECT comment_text, comment_title
        FROM space_comments
        WHERE comment_id = '" . $this->id . "'
    ");

    $edit_comment = '';
    eval('$edit_comment .= "' . fetch_template('edit_comment') . '";');

    if ($_REQUEST['do'] == 'submit')
    {
        // read the posted fields through the cleaner, not straight from $_POST
        $vbulletin->input->clean_array_gpc('p', array(
            'title' => TYPE_STR,
            'text'  => TYPE_STR
        ));

        $this->title = $vbulletin->GPC['title'];
        $this->text  = $vbulletin->GPC['text'];

        // escape through the connection object; there is no global $db here
        $add_edited_comment = $vbulletin->db->query_write("
            UPDATE space_comments
            SET comment_title = '" . $vbulletin->db->escape_string($this->title) . "',
                comment_text  = '" . $vbulletin->db->escape_string($this->text) . "'
            WHERE comment_id = '" . $this->id . "'
        ");
    }
}
#2  09-04-2005, 02:08 AM
Adrian Schneider

I'd change the $_REQUEST['do'] to $_POST['do'] so someone can't manipulate the URL and have it submit.
#3  09-04-2005, 02:28 AM
Guest190829 (Guest)

Well I was also going to add permissions to that if statement, would the $_POST['do'] still be needed?
#4  09-04-2005, 02:47 AM
Adrian Schneider

It depends what triggers the function and any other security checks you have, but personally I would use $_POST for doing this.
#5  09-04-2005, 02:48 AM
Andreas

$_POST can be manipulated as easily as $_GET, so you won't gain much.
#6  09-04-2005, 02:58 AM
AN-net

I would go with post; at least it's checked from which referrer.
#7  09-04-2005, 02:59 AM
Guest190829 (Guest)

Okay, then I guess I will change it to post for added security. Is everything else okay, besides that?
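Editor's added example, not code from the thread and not vBulletin's own API: the posts above disagree on whether switching $_REQUEST['do'] to $_POST['do'] buys anything. A POST body is as easy to forge as a query string (curl -X POST, or a form on an attacker's page that the victim's browser submits with their cookies), and the Referer header is also client-controlled, so the checks that actually protect an edit handler are an ownership/permission check against the stored row and an anti-CSRF token tied to the session. The standalone handler below shows all three layers. It uses plain PDO and PHP 7.1+ rather than $vbulletin->db, and the table space_comments with a user_id column, the session layout and the function names are assumptions for the example.

```php
<?php
// Added example (not from the thread or from vBulletin). Assumes: a PDO connection
// $pdo, session_start() already called, and a hypothetical table space_comments
// (comment_id, user_id, comment_title, comment_text).

// Issue a per-session CSRF token; embed it in the edit form as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate a submitted edit. Returns null on success or a reason string on failure.
// Checking the method only stops casual ?do=submit links; an attacker can send POST
// just as easily, which is why the token and ownership checks follow it.
function validate_edit_request(array $server, array $post, array $session,
                               array $comment, int $current_user_id): ?string
{
    // 1. A forged GET link (?do=submit) must not reach the write path at all.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST' || ($post['do'] ?? '') !== 'submit') {
        return 'not a form submission';
    }
    // 2. Anti-CSRF: a cross-site form post cannot know the victim's session token.
    //    hash_equals() keeps the comparison constant-time.
    $sent = (string)($post['csrf_token'] ?? '');
    if (empty($session['csrf_token']) || !hash_equals($session['csrf_token'], $sent)) {
        return 'bad or missing csrf token';
    }
    // 3. Authorisation: the comment must belong to the logged-in user. Without this,
    //    any logged-in user can edit any comment just by changing commentid.
    if ($current_user_id <= 0 || (int)$comment['user_id'] !== $current_user_id) {
        return 'not the owner of this comment';
    }
    return null;
}

function edit_comment(PDO $pdo, int $current_user_id): string
{
    // Unsigned integer id, the same intent as TYPE_UINT in the original.
    $id = filter_input(INPUT_GET, 'commentid', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return 'invalid comment id';
    }

    // Fetch the row first so the ownership check uses server-side data, not a form field.
    $stmt = $pdo->prepare(
        'SELECT user_id, comment_title, comment_text FROM space_comments WHERE comment_id = ?'
    );
    $stmt->execute([$id]);
    $comment = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$comment) {
        return 'no such comment';
    }

    $error = validate_edit_request($_SERVER, $_POST, $_SESSION, $comment, $current_user_id);
    if ($error !== null) {
        return $error;
    }

    // Bound parameters instead of string concatenation: a misspelled escape call
    // (the original had esacpe_string) cannot silently become SQL injection here.
    $upd = $pdo->prepare(
        'UPDATE space_comments SET comment_title = ?, comment_text = ?
         WHERE comment_id = ? AND user_id = ?'
    );
    $upd->execute([
        substr((string)($_POST['title'] ?? ''), 0, 255),
        (string)($_POST['text'] ?? ''),
        $id,
        $current_user_id,   // repeated in the WHERE clause as a second line of defence
    ]);
    return $upd->rowCount() === 1 ? 'ok' : 'nothing updated';
}
```

The edit form renders csrf_token() into a hidden input named csrf_token alongside do=submit; validate_edit_request() is kept separate from the database code so it can be unit-tested with constructed $_SERVER/$_POST/$_SESSION arrays. A moderator role would be added as an extra branch in step 3, still decided from server-side data rather than from anything in the request.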