Bèr Kessels wrote:
On Tuesday 7 March 2006 20:02, Adrian Rossouw wrote:
Also, we /suffer/ from pitfalls; most of these frameworks take care of everything security (input validation, XSS injection) whereas with Drupal, thou shalt not forget check_plain() and friends.
How could we fix that?
IMO with two steps:
1. Let go of the current 'guideline' that everything needs a purpose. That every function must be used. Core should provide an autocomplete_return_nodes() even if that is not *used* in core, for example. Core should be more of a handy bundle of APIs, rather than a self-contained, complete functioning toolset.
2. Add a far more complete database abstraction layer. Maybe even port Active Record to Drupal. AR is, AFAIK, the only reason why RoR is secure.
Bèr
I'm more of a Ors fan myself. Building Drupal on top of symphony or qcodo would give you all the advantages (how weird would that be to build a framework on *top* of a framework). Or if that is too much overhead, just propel.