defendtheweb / hackthis.co.uk

HackThis!!
http://www.hackthis.co.uk

Change 'id' filter. #202

Closed: prockallsyms closed this 6 years ago

prockallsyms commented 8 years ago

IDK lulz

lwward commented 8 years ago

What is the purpose of this commit?

prockallsyms commented 8 years ago

To improve the filtering function on the value of 'id'.

lwward commented 8 years ago

How is this improving the filtering?

prockallsyms commented 8 years ago

I was reading some articles online about PHP filtering, and when the code is changed, filtering can be more deliberate, with fewer 0-days or bugs resulting from input.

verath commented 8 years ago

I think the difference is filtering what we don't want, versus extracting only what we want? Current implementation removes everything but numbers, Dom-1's alternative extracts only numbers from the string. The result should not be any different. IMO the current implementation is easier to understand.

Anyhow, if one really wanted to "improve" the filtering, perhaps a more explicit solution would be using filter_var with the FILTER_SANITIZE_NUMBER_INT flag?

prockallsyms commented 8 years ago

Damn @verath, you took the words right out of my mouth. I was just testing it locally to see if it would be faster this way ^^ Of course I do like that filter_var idea. Never seen that before, but I'll take a look ;)
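The three approaches discussed in this thread (strip non-digits, extract the digit run, and verath's `FILTER_SANITIZE_NUMBER_INT` suggestion) applied side by side to the same `id` inputs, as an added example that is not code from the hackthis.co.uk repository or from either PR branch. The function names and the sample inputs are constructed for illustration; the fourth function, `validateId`, is an added fail-closed variant using `FILTER_VALIDATE_INT` that the thread does not propose.

```php
<?php
// Added example (not hackthis.co.uk code): compare the id filters from PR #202.
// Function names and sample inputs are constructed for illustration.
declare(strict_types=1);

/** "Current implementation" as described: remove everything but digits. */
function stripNonDigits(string $id): string
{
    return preg_replace('/[^0-9]/', '', $id);
}

/** "Alternative" as described: extract only the first run of digits. */
function extractDigits(string $id): ?string
{
    return preg_match('/\d+/', $id, $m) === 1 ? $m[0] : null;
}

/** verath's suggestion: keeps digits, '+' and '-', drops everything else. */
function sanitizeInt(string $id): string
{
    return filter_var($id, FILTER_SANITIZE_NUMBER_INT);
}

/**
 * Added fail-closed variant: FILTER_VALIDATE_INT returns an int only for a
 * well-formed integer (surrounding whitespace is trimmed, an explicit sign is
 * accepted, leading zeros and exponents are rejected); anything else is false.
 * min_range => 1 also rejects 0 and negative ids.
 */
function validateId(string $id): ?int
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

// Constructed inputs chosen to show where the filters diverge.
$samples = ['42', '+42', ' 42 ', '42abc', '4-2', '1e3', '007', 'abc', ''];

printf("%-9s %-9s %-9s %-9s %s\n", 'input', 'strip', 'extract', 'sanitize', 'validate');
foreach ($samples as $s) {
    printf(
        "%-9s %-9s %-9s %-9s %s\n",
        json_encode($s),
        json_encode(stripNonDigits($s)),
        json_encode(extractDigits($s)),
        json_encode(sanitizeInt($s)),
        json_encode(validateId($s))
    );
}

// Only the validated value is safe to treat as an integer id; bind it as such,
// e.g. $stmt->bindValue(1, validateId($raw), PDO::PARAM_INT), and send a 404
// (or similar) when validateId() returns null rather than guessing a number.
```

Running this shows the difference verath points out: the first three filters never reject anything, they rewrite it. `"42abc"` becomes `"42"` under all three, `"4-2"` becomes `"42"` (strip), `"4"` (extract) or `"4-2"` (sanitize), and `"1e3"` becomes `"13"` or `"1"`. A probe or a typo therefore reaches the query as a plausible-looking id instead of being refused. `FILTER_SANITIZE_NUMBER_INT` is a sanitizer, not a validator: its output can still contain `+` and `-` in odd places and must not be used as a number without a further cast or check. `FILTER_VALIDATE_INT` returns `false` for every malformed case above (note the `=== false` comparison, since `"0"` would validate to the integer `0`), which is the behaviour to want for an identifier.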