[development] Distilling distributions from configured sites.
Moshe Weitzman
weitzman at tejasa.com
Wed Aug 9 14:54:20 UTC 2006
> Umm. The entire idea is that they haven't been sanitised.
>
> These are the fields that will be saved to the database. They are not
> for displaying.
>
> For example, if you export a custom block, you want to export the PHP
> that you entered, not the value the PHP generates.
I haven't really thought this through, but my concern is that some user
submits a node with the text db_query("DELETE * FROM users"). Then you do a
var_export() and then you do an include() in the import script. I am worried
that this import will unknowingly cause damage.
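
A round-trip check of the var_export()/include() path discussed in this message, added here as an example and not code from the thread or from the project. The field names, the hostile values, the `$evaluated_fields` list and the helper functions are constructed for illustration.

```php
<?php
// Added example; field names and hostile values are constructed test data.
$sentinel = sys_get_temp_dir() . '/export_side_effect_' . getmypid();

$fields = array(
    'title'     => 'db_query("DELETE * FROM users")',
    // Tries to close the quoted literal and run a statement of its own.
    'body'      => "'); touch('" . $sentinel . "'); //",
    'teaser'    => '<?php touch("' . $sentinel . '"); ?>',
    // Stands in for a custom block body that the site later evaluates as PHP.
    'block_php' => 'return t("Hello");',
);
// Assumption: the importer knows which fields are evaluated rather than displayed.
$evaluated_fields = array('block_php');

function export_fields(array $fields, $path) {
    // var_export() writes each string as a single-quoted literal and
    // escapes ' and \, so a value cannot terminate its own literal.
    file_put_contents($path, '<?php return ' . var_export($fields, true) . ';');
}

function import_fields($path) {
    // include runs the file, so the file itself must come from a trusted source.
    $data = include $path;
    if (!is_array($data)) {
        throw new RuntimeException('Unexpected export format');
    }
    return $data;
}

$path = tempnam(sys_get_temp_dir(), 'exp');
export_fields($fields, $path);
$imported = import_fields($path);
unlink($path);

var_dump($imported === $fields);   // did the values round-trip as plain data?
var_dump(file_exists($sentinel));  // did any hostile string execute?

foreach ($evaluated_fields as $name) {
    if (isset($imported[$name])) {
        echo "Review before import: '$name' will be executed as PHP by the site\n";
    }
}
```

The two checks cover the data path only; a field that the site later evaluates, such as the custom block body mentioned in the quoted text, carries whatever code was exported and needs the same trust decision on import as on entry.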