thekabal / tki

The Kabal Invasion - A web based space exploration (4x) game

Implement a filtering class for server and session calls #12

Open thekabal opened 8 years ago

thekabal commented 8 years ago

Scrutinizer has two classes of filtered issues for the code base right now that could be resolved with a filtering class for server and session calls:

??? uses the super-global variable $_SERVER which is generally not recommended.

??? uses the super-global variable $_SESSION which is generally not recommended.

Server currently uses script_name, http_host, remote_addr, http_accept_encoding.

Session currently uses username, password, logged_in, in_combat, planet_selected, ship_selected, port_shopping.

jakecleary commented 8 years ago

Are you talking about encapsulating the $_SERVER and $_SESSION variables?

If so, why don't we just use the symfony/http-foundation package? The ::createFromGlobals() method allows you to easily wrap up and read the request data, and also modify responses before sending them back. Things like adding headers etc. get a bit easier.

thekabal commented 8 years ago

I have suspected for a while that the project will end up using Symfony, but I'm not quite ready to make that jump. I think for the specific requirements of this bug, we can craft a reasonable small class that can manage our needs without additional overhead.

To answer your question, while POST & GET are also useful to encapsulate, SERVER and SESSION are the main concerns. I would probably start with those, and see where things land before moving to the rest. Server especially has some tricky security implications. So yes, those two are the focus (at least for this specific bug).
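A sketch of the kind of small allow-list wrapper discussed above for the four $_SERVER entries named in the issue, added here as an example and not code from the tki repository or from this thread. The class name `ServerFilter`, its `get()` method and the validation patterns are assumptions; the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical class: exposes only the four $_SERVER keys listed in the issue,
// each validated once at construction. Anything else is never readable.
final class ServerFilter
{
    // HTTP_HOST and HTTP_ACCEPT_ENCODING are client-supplied headers; SCRIPT_NAME
    // is derived from the request path. The /D flag stops "$" matching before a
    // trailing newline. Bracketed IPv6 hosts are rejected by this host pattern.
    private const PATTERNS = [
        'http_host' => '/^[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?(?::\d{1,5})?$/iD',
        'script_name' => '#^/(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_-]+\.php$#D',
        'http_accept_encoding' => '/^[A-Za-z0-9*;=., -]{0,200}$/D',
    ];

    /** @var array<string, ?string> validated value, or null when missing or invalid */
    private array $values = [];

    public function __construct(array $server)
    {
        // REMOTE_ADDR comes from the TCP peer, but is still required to be a valid IP.
        $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP);
        $this->values['remote_addr'] = $ip === false ? null : $ip;

        foreach (self::PATTERNS as $name => $pattern) {
            $raw = $server[strtoupper($name)] ?? null;
            $valid = is_string($raw) && preg_match($pattern, $raw) === 1;
            $this->values[$name] = $valid ? $raw : null;
        }
    }

    public function get(string $name): ?string
    {
        if (!array_key_exists($name, $this->values)) {
            throw new InvalidArgumentException("Server key not on allow-list: $name");
        }
        return $this->values[$name];
    }
}

// Constructed sample input: a malformed Host value and a header outside the allow-list.
$filter = new ServerFilter([
    'REMOTE_ADDR' => '203.0.113.7',
    'HTTP_HOST' => "example.test\r\nX-Injected: 1",
    'SCRIPT_NAME' => '/main.php',
    'HTTP_ACCEPT_ENCODING' => 'gzip, deflate',
    'HTTP_X_FORWARDED_FOR' => '10.0.0.1',
]);
var_dump($filter->get('remote_addr'), $filter->get('http_host'), $filter->get('script_name'));
```

In real use the constructor would receive `$_SERVER` once at the entry point, so the super-global is referenced in a single place.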

jakecleary commented 8 years ago

That's understandable. My only counter to that is that you don't have to use the whole thing, you could just pull in symfony/http-foundation and only use its Request class. But I do also understand why you want to minimise these things. Sounds like a solid plan!

thekabal commented 8 years ago

Halfway done! Symfony's http-foundation component did the trick for the $_SERVER side of the equation (save one entry I have to figure out in classes/Compress). More testing to do, but so far, looks great! Thanks again, @jakecleary !!