git-svn-id: file:///svn/phpbb/trunk@8125 89ea8834-ac86-4346-8a33-228a782c2dd0
Henry Sudhof 2007-10-03 15:58:57 +00:00
parent 0ff21e4614
commit cfe004f2a2


@ -880,6 +880,23 @@ $action_ary = request_var('action', array('' => 0));
<h4>Sensitive Operations: </h4>
<p>For sensitive operations always let the user confirm the action. For the confirmation screens, make use of the <code>confirm_box()</code> function.</p>
<h4>Altering Operations: </h4>
<p>For operations altering the state of the database, for instance posting, always verify the form token, unless you are already using <code>confirm_box()</code>. To do so, make use of the <code>add_form_key()</code> and <code>check_form_key()</code> functions. </p>
<div class="codebox"><pre>
add_form_key('my_form');
if ($submit)
{
if (!check_form_token('my_form'))
{
trigger_error('FORM_INVALID');
}
}
</pre></div>
<p>The string passed to <code>add_form_key()</code> needs to match the string passed to <code>check_form_key()</code>. Another requirement for this to work correctly is that all forms include the <code>{S_FORM_TOKEN}</code> template variable.</p>
<h4>Sessions: </h4>
<p>Sessions should be initiated on each page, as near the top as possible using the following code:</p>
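Review bot: the code box calls a function the surrounding guideline never names. The line `if (!check_form_token('my_form'))` should read `if (!check_form_key('my_form'))`, because both the paragraph above ("make use of the `add_form_key()` and `check_form_key()` functions") and the sentence below ("The string passed to `add_form_key()` needs to match the string passed to `check_form_key()`") document `check_form_key()`. A developer who copies the sample as-is gets a different function name from the one the text tells them to use; either fix the call or, if `check_form_token` is the intended API, rename it in the prose too so the two agree.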
@ -1396,6 +1413,18 @@ div
<p>Just always remember that processing is taking place from up to down.</p>
<h4>Forms</h4>
<p>If a form is used for a non-trivial operation (i.e. more than a jumpbox), then it should include the <code>{S_FORM_TOKEN}</code> template variable.</p>
<div class="codebox"><pre>
&lt;form method=&quot;post&quot; id=&quot;mcp&quot; action=&quot;{U_POST_ACTION}&quot;&gt;
&lt;fieldset class="submit-buttons"&gt;
&lt;input type=&quot;reset&quot; value=&quot;{L_RESET}&quot; name=&quot;reset&quot; class=&quot;button2&quot; /&gt&nbsp;
&lt;input type=&quot;submit&quot; name=&quot;action[add_warning]&quot; value=&quot;{L_SUBMIT}&quot; class=&quot;button1&quot; /&gt
&lt;/fieldset&gt
{S_FORM_TOKEN}
&lt;/form&gt
</pre></div><br />
</div>
<div class="back2top"><a href="#wrap" class="top">Back to Top</a></div>
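Review bot: the escaped markup in the form example is inconsistent and will not validate as written. The reset input line ends in `/&gt&nbsp;`, the submit input in `/&gt`, and the closing tags are `&lt;/fieldset&gt` and `&lt;/form&gt`, all missing the `;` that terminates the `&gt;` entity (the `&lt;form ...&gt;` and `&lt;fieldset ...&gt;` lines above them have it). Browsers tend to render the legacy `&gt` anyway, but the guideline's own sample should be valid HTML. In the same block, `class="submit-buttons"` uses literal quotes while every other attribute is written with `&quot;`; pick one escaping style for the whole snippet.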
@ -1405,6 +1434,8 @@ div
<hr />
<a name="charsets"></a><h2>5. Character Sets and Encodings</h2>
<div class="paragraph">
@ -1412,6 +1443,8 @@ div
<div class="content">
<h4>What are Unicode, UCS and UTF-8?</h4>
<p>The <a href="http://en.wikipedia.org/wiki/Universal_Character_Set">Universal Character Set (UCS)</a> described in ISO/IEC 10646 consists of a large amount of characters. Each of them has a unique name and a code point which is an integer number. <a href="http://en.wikipedia.org/wiki/Unicode">Unicode</a> - which is an industry standard - complements the Universal Character Set with further information about the characters' properties and alternative character encodings. More information on Unicode can be found on the <a href="http://www.unicode.org/">Unicode Consortium's website</a>. One of the Unicode encodings is the <a href="http://en.wikipedia.org/wiki/UTF-8">8-bit Unicode Transformation Format (UTF-8)</a>. It encodes characters with up to four bytes aiming for maximum compatability with the <a href="http://en.wikipedia.org/wiki/ASCII">American Standard Code for Information Interchange</a> which is a 7-bit encoding of a relatively small subset of the UCS.</p>
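Review bot: typo in the UTF-8 sentence, `aiming for maximum compatability with` should be `compatibility`. Minor wording in the same paragraph: `consists of a large amount of characters` reads better as `a large number of characters`, and the dash-separated aside `Unicode - which is an industry standard - complements` can simply be `Unicode, an industry standard, complements`.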