
Secure Coding Mode: Specifying which lines to display

Open shivamdixit opened this issue 10 years ago • 4 comments

In secure coding mode, developer is specifying start and end line number that will be available for editing. (In function isSecureCodingAllowed()) However this is not the best way because if in future developer modifies the code, line numbers will change and wrong lines will be displayed to the user.

shivamdixit avatar Jul 19 '14 14:07 shivamdixit

Wouldn't the developer update metadata after changing the files? Or can he define a file which the user can edit, and keep the rest un-editable?
-A

abiusx avatar Jul 19 '14 15:07 abiusx

That is correct. I thought there might be some other alternative also. Thanks!

shivamdixit avatar Jul 20 '14 02:07 shivamdixit

Not sure if this would be a correct solution, but you can try using special comments with a custom format that you specify to allow the dev to specify editable portions. For instance:

<?php
include 'somestuff.php';
/** EDITABLE:BEGIN */
$id=$_GET['id'];
$result = mysql_query("SELECT * FROM users WHERE id='$id'");
/** EDITABLE:END */
?>

You would have to do some work with parsing the files, but the end result would be an easier system for developers to write.

captn3m0 avatar Jul 20 '14 06:07 captn3m0
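One way the marker approach above could be parsed, as an added example that is not WebGoatPHP code: the file is split at the two marker comments rather than at stored line numbers, and the learner's submission is spliced back in between them; the marker strings, function names and the rejection of markers or PHP tags inside the submission are assumptions for this example.

```php
<?php
// Added example (not WebGoatPHP code): locate the editable region by marker
// comments instead of hard-coded line numbers, then splice user code back in.
// Marker strings and function names are assumptions for this example.

const EDITABLE_BEGIN = '/** EDITABLE:BEGIN */';
const EDITABLE_END   = '/** EDITABLE:END */';

/**
 * Returns [$before, $editable, $after] as arrays of lines, or throws if the
 * markers are missing, duplicated or out of order. Markers occupy whole lines.
 */
function splitEditableRegion(string $source): array
{
    $lines = explode("\n", $source);
    $begin = $end = [];
    foreach ($lines as $i => $line) {
        $t = trim($line);
        if ($t === EDITABLE_BEGIN) { $begin[] = $i; }
        if ($t === EDITABLE_END)   { $end[] = $i; }
    }
    if (count($begin) !== 1 || count($end) !== 1 || $begin[0] >= $end[0]) {
        throw new RuntimeException('need exactly one BEGIN/END pair, in order');
    }
    return [
        array_slice($lines, 0, $begin[0] + 1),                    // up to and incl. BEGIN
        array_slice($lines, $begin[0] + 1, $end[0] - $begin[0] - 1), // the editable lines
        array_slice($lines, $end[0]),                             // END and everything after
    ];
}

/**
 * Replaces only the lines between the markers. The submission may not contain
 * a marker (it would move the editable boundary) or a PHP open/close tag.
 */
function replaceEditableRegion(string $source, string $userCode): string
{
    if (strpos($userCode, 'EDITABLE:') !== false || preg_match('/\?>|<\?/', $userCode)) {
        throw new InvalidArgumentException('submission may not contain markers or PHP tags');
    }
    [$before, , $after] = splitEditableRegion($source);
    return implode("\n", array_merge($before, explode("\n", rtrim($userCode, "\n")), $after));
}

// Constructed sample with the same shape as the lesson file in the thread.
$lesson = "<?php\ninclude 'somestuff.php';\n/** EDITABLE:BEGIN */\n\$id=\$_GET['id'];\n"
        . "\$result = mysql_query(\"SELECT * FROM users WHERE id='\$id'\");\n/** EDITABLE:END */\n?>";
[, $editable] = splitEditableRegion($lesson);
echo implode("\n", $editable), "\n";   // only the two lines the learner may edit
echo replaceEditableRegion($lesson, "\$id = (int) \$_GET['id'];\n"
        . "\$result = mysql_query(\"SELECT * FROM users WHERE id=\$id\");"), "\n";
```

The two whole-line marker comments survive edits elsewhere in the file, so the region stays correct without the developer updating metadata.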

@captn3m0 Looks like a good idea to me!

shivamdixit avatar Jul 20 '14 08:07 shivamdixit