Needs work
Project:
URL alter
Version:
6.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Reporter:
Created:
12 Aug 2011 at 16:50 UTC
Updated:
13 Aug 2011 at 14:14 UTC
Jump to comment: Most recent file
Given that this module is focused on developer types, I don't see why it's helpful and it is an avenue for security attacks or breaking your site really well.
| Comment | File | Size | Author |
|---|---|---|---|
| #4 | 1247672_remove_input_of_php.patch | 4.38 KB | greggles |
Comments
Comment #1
dave reidBecause the module had to give people a way to replace existing custom_url_rewrite functions :/
Comment #2
gregglesMeh, the README.txt describes other ways.
Maybe a new branch?
Comment #3
dave reidIt describes other ways for modules to be *compatible* with url_alter, but the only text relevant to replacing existing custom_url_rewrite functions in your settings.php file is:
I'd be fine renaming the permission to 'use PHP to administer custom_url_rewrite functions' but at some point we're limited by Drupal's ability to add warnings to permissions in Drupal 6.
Comment #4
gregglesTrue enough.
Here's a start. The biggest thing that needs work is the dsm's in the update function. They should ideally watchdog instead of dsm and then the dsm should link to the watchdog messages that contain the code.
Comment #5
dave reidAh I get it - a 2.x branch without the PHP input and just the API. Makes sense to me.