https://www.cotonti.com Last topic posts Cotonti en Sat, 11 Apr 2026 03:36:10 -0000
Also, it would always help in safe plugin development.
I saw some plugins in your download section don't obey to these rules.]]> Thu, 21 May 2009 18:15:57 -0000
- Use the SED_CODE check as the first line of your plugin code

- ALWAYS use the sed_import() function for importing http request parameters (don't forget to use the right datatype and use the optional maxlenght if applicable)

- Use sed_sql_prep() function in SQL statements, or cast using (int) for integer values (usually IDs)

- Try to use Cotonti's core functions (see functions.php and database.mysql.php) instead of your own as much as possible, this includes using functions that replace default php functions such as sed_sql_query (mysql_query())

- Don't trust ANY data given by a user, always expect data to be unsafe

- Don't do anything stupid


A tutorial might be a good thing to have though.]]> Thu, 14 May 2009 19:52:48 -0000
I'd like to request a tutorial with a breakdown of Cotonti security measurements. I'd like to write some plugins, having it all put in a nice article would help me prevent any security holes.

Also, additionally mentioned "php best practices" would be nice as well.]]> Thu, 14 May 2009 16:00:05 -0000