Quiz

Why are these examples of dangerous code?

Heine — Thu, 09/10/2008 - 09:35

Just think about it for a minute before jumping to someone, who has the first one right, or Gordon, who nails them both.

Example I

function example_one($nid) {
  // Lots of code
  $node = node_load($nid);  
  // ...
  $user = user_load(array('uid' => $node->uid));
}

Example II

function example_two($account) {
  // ...
  $account = user_load(array('uid' => $uid));
}

Copyright © 2010 by Heine Deelstra. All rights reserved.