Is using a "global" user in Drupal dangerous?

I always hear that globals are dangerous. Is this Drupal related? Take a look at the following example:

function myFunction($bla) {
    global $user;
    if (isAuthenticated($user->uid)) {
        print $secretCode;
    }
}


Can this be hacked?

+2




2 answers


Global variables can be dangerous for many reasons, some of which include:

  • They clutter namespaces.
  • They make maintenance difficult and encourage monkeypatching, as globals can be changed from anywhere.
  • They are not referential.
  • In memory-managed languages, global variables can be a source of memory leaks.
  • They make debugging especially difficult in large applications / sites, as it is difficult to track where they are installed and modified.

None of this poses much of a threat to your use case. It should be fine. If you are very scared, you can make sure that $user->uid is an integer before evaluating:



function myFunction($bla) {
   global $user;
   if( is_int($user->uid) ){
      if (isAuthenticated($user->uid)) {
         print $secretCode;
      }
   }
}

      

But this is probably not needed.

+4
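
Added example, not part of either answer and not Drupal's own code: a plain-PHP sketch of the "globals can be changed from anywhere" point applied to the check in the question. It shows that an identity switch which is never undone makes the global-based check pass for a visitor, while a check on an explicitly passed account is unaffected. The stand-in `$user` object and the helpers `runTaskAsAdmin()`, `runTaskAsAdminSafely()` and `myFunctionFor()` are hypothetical, and `myFunction()` takes the secret as a parameter here so the script runs on its own.

```php
<?php
// Constructed stand-in: in Drupal the session layer populates $user.
// Only myFunction() and isAuthenticated() are names from the question.
$user = (object) ['uid' => 0, 'name' => 'visitor'];   // uid 0: not logged in

function isAuthenticated($uid) {
    return (int) $uid > 0;
}

// Pattern from the question: the access decision reads mutable global state.
function myFunction($secretCode) {
    global $user;
    return isAuthenticated($user->uid) ? $secretCode : null;
}

// Hypothetical helper elsewhere in the code base: it switches identity to run
// a task and never switches back, so the change leaks into later checks.
function runTaskAsAdmin() {
    global $user;
    $user = (object) ['uid' => 1, 'name' => 'admin'];
    // ... privileged work would happen here ...
}

// Safer shape 1: the caller passes the account the decision is about.
function myFunctionFor($account, $secretCode) {
    return isAuthenticated($account->uid) ? $secretCode : null;
}

// Safer shape 2: if identity must be switched, restore it on every exit path.
function runTaskAsAdminSafely(callable $task) {
    global $user;
    $original = $user;
    $user = (object) ['uid' => 1, 'name' => 'admin'];
    try {
        return $task();
    } finally {
        $user = $original;
    }
}

$visitor = $user;                              // the account this request belongs to
var_dump(myFunction('s3cret'));                // global untouched so far
runTaskAsAdminSafely(function () { return true; });
var_dump(myFunction('s3cret'));                // after a switch that was restored
runTaskAsAdmin();
var_dump(myFunction('s3cret'));                // after a switch that was not restored
var_dump(myFunctionFor($visitor, 's3cret'));   // explicit account, same request
```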




No. If you are using session_register, SQL injection is possible. That is the ancient method, though, from PHP 4, although many people still use it.



0

