Friday, August 30, 2013

Re: CakePHP 2.4.0 is ready

There aren't any plans currently to replace Sanitize. This is primarily because most of what it did is better done through other methods. The documentation for data sanitization has already been updated in the cookbook http://book.cakephp.org/2.0/en/core-utility-libraries/sanitize.html to reference the new tools.

Sanitize is being deprecated and ultimately removed because it promotes bad practices and is a liability in the long term. Input filtering, especially with HTML, is very complex to do correctly. I am almost certain that the list of regexes Sanitize used missed things, leaving apps vulnerable. Other features Sanitize provides have been implemented in PHP since the inception of the framework. Generally the solutions existing in the language are better than those that Sanitize provided as well.

-Mark

On Friday, 30 August 2013 18:03:21 UTC-4, advantage+ wrote:

Regarding "Sanitize class has been deprecated and will be removed in 3.0."

Is there something in-place / inline / in development that will replace this class?

Seemed like a great tool, why dropping it?

Dave
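As an added illustration of the replacement approach Mark describes (this is example code, not CakePHP's own or anything from the thread): validate input with `filter_var`, escape at output time with `htmlspecialchars`, and parameterise SQL instead of escaping it. The function names, the in-memory SQLite table and the sample values are all constructed for the demo.

```php
<?php
declare(strict_types=1);

// 1. Validate instead of "cleaning": reject bad input outright rather than
//    stripping characters and hoping what is left is safe.
function validateAge(string $raw): ?int
{
    $age = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 150],
    ]);
    return $age === false ? null : $age;
}

// 2. Escape for the HTML context when rendering, not when storing. The data
//    stays intact in the database; the browser never sees raw markup.
//    (CakePHP's h() helper wraps the same call.)
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 3. Bind parameters instead of escaping strings into SQL. The quote in the
//    e-mail address below is data, and stays data.
function findUserByEmail(PDO $pdo, string $email): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data so the script runs stand-alone.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES ('Dave', 'o''reilly@example.com')");

var_dump(validateAge('42'));
var_dump(validateAge('42abc'));          // rejected, not silently trimmed
echo escapeHtml('<b>Dave & "Co"</b>'), PHP_EOL;
var_dump(findUserByEmail($pdo, "o'reilly@example.com"));
```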
