Where to talk about style?

Posted: Sun Aug 14, 2005 7:48 pm
by francisco
Where should one provide feedback on code style?
The forum or the list?

Does it make a difference if the comment is on a plugin?

Have been spending time with the code of the static page plugin. Saw some code which I think should be different. Also think that the type of change should be widespread.. not only the plugin.

In the mean time.. while I find the right place.. the comments.

In serendipity_event_staticpage there is code like

Code:

$q = "SELECT *
                FROM {$serendipity['dbPrefix']}staticpages
               WHERE id = " . (int)$id . "
               LIMIT 1";
The id column in the database is an integer. I don't understand why the need to cast the variable $id as an integer. It should be used/carried as an integer all along so why the cast?

In general shouldn't variables be used/carried as the data type they will end up in the database?

Posted: Mon Aug 15, 2005 10:22 am
by wesley
Code style? If it's about the code, it should be either in here or the Plugins.
If it's about style, it should be in the Themes.

I guess you meant coding style, so you came to the right place.

Posted: Mon Aug 15, 2005 1:04 pm
by garvinhicking
We use that (int) casting to be absolutely sure that only integers get shown there. This is to remove the chance of SQL injection attacks where one might be able to force non-integer values into the SQL.

Regards,
Garvin

Posted: Mon Aug 15, 2005 5:24 pm
by francisco
garvinhicking wrote: We use that (int) casting to be absolutely sure that only integers get shown there.
Ok. Understand the idea.
Shouldn't this apply to the code only?
Don't quite understand why integer defaults were cast to integers.. that is within the database itself and, in my opinion, cannot be affected by a hacker. Likely doesn't cause any harm.. I was just curious.

Posted: Mon Aug 15, 2005 5:27 pm
by garvinhicking
I have adapted my coding style to require that (int) casting when dealing with unescaped integers to be safe on the security side, so I might be using it in a couple of places where a hacker might not get to.

But it also helps API usage, so that people don't call the API with a string and raise SQL errors...

Regards,
Garvin
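The two points Garvin makes above (the cast removes the chance of non-integer text reaching the SQL, and it also keeps string arguments from producing SQL errors) can be seen by building the quoted query with and without the cast. The following is an added example written for this thread; it is not Serendipity's code. The `$serendipity` array, the `staticpage_query_*` helper names and the sample inputs are all constructed for the illustration, and the `staticpage_query_strict` variant is a hypothetical stricter check, not something the plugin does.

```php
<?php
// Added example for this thread; not Serendipity's own code.
// Constructed stand-in for the real $serendipity config array.
$serendipity = ['dbPrefix' => 'serendipity_'];

// The pattern francisco quoted from serendipity_event_staticpage:
// the caller-supplied $id is cast to an integer before interpolation.
function staticpage_query_cast(array $serendipity, $id): string
{
    return "SELECT * FROM {$serendipity['dbPrefix']}staticpages"
         . " WHERE id = " . (int)$id . " LIMIT 1";
}

// The same query without the cast, shown only to make the
// difference visible; this is the form the cast guards against.
function staticpage_query_raw(array $serendipity, $id): string
{
    return "SELECT * FROM {$serendipity['dbPrefix']}staticpages"
         . " WHERE id = " . $id . " LIMIT 1";
}

// Hypothetical stricter variant: reject anything that is not an int or
// a string of decimal digits instead of silently coercing it to 0.
function staticpage_query_strict(array $serendipity, $id): string
{
    if (!is_int($id) && !ctype_digit((string)$id)) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    return staticpage_query_cast($serendipity, $id);
}

// Constructed inputs: a proper int, the same id arriving as a request
// string, a non-numeric string, and a value carrying extra SQL text.
$inputs = [42, "42", "abc", "42 OR 1=1"];
foreach ($inputs as $id) {
    printf("input %-12s\n", var_export($id, true));
    printf("  cast:   %s\n", staticpage_query_cast($serendipity, $id));
    printf("  raw:    %s\n", staticpage_query_raw($serendipity, $id));
    try {
        staticpage_query_strict($serendipity, $id);
        printf("  strict: accepted\n");
    } catch (InvalidArgumentException $e) {
        printf("  strict: rejected (%s)\n", $e->getMessage());
    }
}
```

Run it with `php example.php`. PHP's `(int)` cast keeps the leading number of a string and discards whatever follows, and turns a string with no leading digits into `0`, so the cast query always ends up as `WHERE id = <integer>`: the extra SQL text in the last input disappears, and the non-numeric string becomes a harmless lookup for id 0 rather than the SQL error the raw query would raise. The strict variant makes the same guarantee but reports a bad argument instead of quietly querying for id 0, which is the trade-off to weigh when the value comes from internal code rather than from a request.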