CookbooksAndSecurity

Petko Yotov's reply to a request of mine (original thread here).

I haven't used or reviewed the mentioned recipes. You could check for any error reports on the *-Talk pages and check how many people use them at the *-Users pages. Note that Users pages were added in 2009 and not all recipes have people who added themselves to the Users pages.

I suspect a recipe with larger talk/users pages, and with more releases, has received more reviews/reports, has been used by more people and many bugs have been noticed and hopefully fixed. On the other hand, such recipes tend to be more complex, and it is more difficult to notice bugs in such recipes.

That said, I invite the readers of the list to participate in the wiki, to add themselves to the Users pages, to post comments or questions or ideas for improvements on the Talk pages, so that we know how our recipes are used. For example, if I release a recipe and nobody comments on it and the Users page is empty, I assume nobody uses it and I can either stop working on it, or change it substantially without caring about backwards compatibility (as no one used it).

There are three major changes in recent PHP releases that may break an old recipe.

One is with the function htmlspecialchars() which may return an empty string since PHP 5.4, so I added the safe replacement function PHSC() and recipes should switch to it.

Second is the function crypt() which raises warnings since PHP 5.6 when used without a salt parameter, so I added a safe replacement function pmcrypt() and recipes should switch to it.

Third, and most complex, is the deprecation of the preg_replace() function with an /e flag since PHP 5.5, which has required me to make a number of additional functions which the recipes could use. For a recipe to work with PHP 5.5, one may have to change a number of places: Markup() definitions, $*Patterns definitions and processing, any preg_replace() call needs to be reviewed.

It is great if the author or maintainer of the recipe is active, otherwise we can help (as long as the software license permits modification).

Petko

On 2015-06-07 20:14, jdd wrote:
> On the cookbook page, I notice many cookbooks are old. I was recently
> looking at "columns" cookbooks (there are two of them), and the two
> are pretty old.
>
> Is it still possible to use them without problem?
>
> The column problem is not important (for me), it's just an example, I
> don't have the knowledge to test the cookbook security (I can test if
> they work).
>
> Am I too fearful? Is there really a risk?
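
As an added example (not part of Petko's message and not PmWiki code), this heuristic Python audit flags the three constructs the reply names in a recipe's PHP source. The sample recipe and the names `MakeCols`, `Lookup`, `Fix` and `$DemoPatterns` are constructed for illustration; matching is line-based, so calls split across lines are missed.

```python
import re

# Heuristics for the three PHP changes named in the reply (added example).
CALL = r'(?<![\w$>:])'          # not a method, variable, or longer name
HTMLSPECIALCHARS = re.compile(CALL + r'htmlspecialchars\s*\(')
CRYPT_NO_SALT = re.compile(CALL + r'crypt\s*\(\s*[^(),]+\)')   # one argument only
REGEX_USE = re.compile(CALL + r'(?:preg_replace|Markup)\s*\(|\$\w+Patterns\b')
# Quoted PCRE literal: quote, delimiter, body, same delimiter, modifiers, quote.
PCRE_LITERAL = re.compile(r'''(['"])([/#~!@%])(?:\\.|(?!\1).)*\2([A-Za-z]*)\1''')

ADVICE = {
    'htmlspecialchars': 'may return an empty string since PHP 5.4; use PHSC()',
    'crypt-no-salt': 'warns since PHP 5.6 without a salt; use pmcrypt()',
    'preg-e': '/e flag deprecated since PHP 5.5; review this pattern',
}

def audit(source):
    """Return (line_number, rule) pairs, in line order, for one recipe's PHP source."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(('//', '#', '*', '/*')):
            continue                      # skip whole-line comments
        if HTMLSPECIALCHARS.search(line):
            findings.append((n, 'htmlspecialchars'))
        if CRYPT_NO_SALT.search(line):
            findings.append((n, 'crypt-no-salt'))
        if REGEX_USE.search(line) and any(
                'e' in m.group(3) for m in PCRE_LITERAL.finditer(line)):
            findings.append((n, 'preg-e'))
    return findings

# Constructed sample; names such as MakeCols and $DemoPatterns are made up.
SAMPLE = r'''<?php
Markup('cols', 'directives', '/\(:cols (.*?):\)/e', "MakeCols('$1')");
$out  = htmlspecialchars($text);
$hash = crypt($password);
$ok   = crypt($password, $stored) == $stored;
$s    = preg_replace("/\[(\w+)\]/e", "Lookup('$1')", $s);
$t    = preg_replace('/\s+/', ' ', $t);
$DemoPatterns['/\bteh\b/ie'] = "Fix('$0')";
$safe = PHSC($text) . pmcrypt($password);
'''

if __name__ == '__main__':
    for n, rule in audit(SAMPLE):
        print(f'line {n}: {rule}: {ADVICE[rule]}')
```

A clean result from this scan only means none of these three patterns were found on a single line; it says nothing about other defects in a recipe.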