[TYPO3-dev] FYI: RemoveXSS from 4.2 will be incompatible with PHP 5.2.9
Xavier Perseguers
typo3 at perseguers.ch
Sat Mar 21 10:10:32 CET 2009
Hi,
In typo3/contrib/removeXSS a script RemoveXSS.php allows developers to
prevent XSS by properly sanitizing a string.
In trunk this class has been quite a lot rewritten but in branch 4.2 it
is defined as this:
class RemoveXSS {
function RemoveXSS($val) {
// code snipped
}
}
with the intent to use it like this:
$foo = RemoveXSS::RemoveXSS($some_input);
In PHP 5.2.9 this call issues a warning as a non-static method is used
as a static method (I wonder if other /more-critical/ core will be
affected too):
---------
Fatal error: Non-static method RemoveXSS::RemoveXSS() cannot be called
statically, assuming $this from incompatible context
---------
Problem: it is not possible to make it static either:
---------
Fatal error: Constructor RemoveXSS::RemoveXSS() cannot be static
---------
TYPO3 4.3 renamed this method to process().
--
Xavier Perseguers
http://xavier.perseguers.ch/en
One contribution a day keeps the fork away
More information about the TYPO3-dev
mailing list