Is using a "global" user in Drupal dangerous?
I always hear that globals are dangerous. Is this Drupal related? Take a look at the following example:
    function myFunction($bla) {
        global $user;
        if (isAuthenticated($user->uid)) {
            print $secretCode;
        }
    }
Can this be hacked?
+2
coderama
2 answers
Global variables can be dangerous for many reasons, some of which include:
- Clutters namespaces
- This makes maintenance difficult and encourages monkeypatching, as globals can be changed from anywhere.
- They are not referential.
- In memory-managed languages, global variables can be a source of memory leaks.
- They make debugging especially difficult in large applications / sites, as it is difficult to track where they are installed and modified.
Nothing poses much of a threat to your use case. It should be good. If you are very scared, you can make sure that $user->uid is an integer before evaluating:
    function myFunction($bla) {
        global $user;
        if (is_int($user->uid)) {
            if (isAuthenticated($user->uid)) {
                print $secretCode;
            }
        }
    }
But this is probably not needed.
+4
c_harm
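An added example, not part of the answer above and not Drupal's own code: a plain-PHP simulation of the point that globals can be changed from anywhere, and of how that affects an access check like the one in the question. The `$user` stand-in object, the body of `isAuthenticated()`, and the functions `secretViaGlobal()`, `secretViaParam()` and `runAsAdmin()` are all constructed for illustration.

```php
<?php
// Constructed stand-in for the global $user object (assumption, not Drupal code).
$user = (object) ['uid' => 0, 'name' => 'anonymous'];

// Hypothetical body for the question's helper: uid 0 means anonymous.
function isAuthenticated($uid) {
    return (int) $uid > 0;
}

// Pattern from the question: the access decision reads the global.
function secretViaGlobal() {
    global $user;
    return isAuthenticated($user->uid) ? 'secret' : 'denied';
}

// Alternative: the caller passes the account whose access is being checked.
function secretViaParam($account) {
    return isAuthenticated($account->uid) ? 'secret' : 'denied';
}

// Hypothetical maintenance routine that swaps the global to act as uid 1.
// With $restore = true the original is put back in finally, so an
// exception inside $task cannot leave the global swapped.
function runAsAdmin(callable $task, $restore = true) {
    global $user;
    $original = $user;
    $user = (object) ['uid' => 1, 'name' => 'admin'];
    try {
        return $task();
    } finally {
        if ($restore) {
            $user = $original;
        }
    }
}

$visitor = $user; // the account that actually made the request

// Buggy variant: the swap is never undone, so the global still holds uid 1.
runAsAdmin(function () { return null; }, false);
echo secretViaGlobal(), "\n";        // decision based on the leftover global
echo secretViaParam($visitor), "\n"; // decision based on the real visitor

// Restoring variant: the global is put back and both checks agree again.
$user = $visitor;
runAsAdmin(function () { return null; });
echo secretViaGlobal(), "\n";
```

The first two lines of output differ because the first check trusts whatever object currently sits in the global, while the second is tied to the account the caller passed in.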
No. If you are using session_register, SQL injection is possible. It is an ancient method, though, from PHP 4. Still, many people use it.
0
Homework