[development] Distilling distributions from configured sites.

Moshe Weitzman weitzman at tejasa.com
Wed Aug 9 14:54:20 UTC 2006


> Umm. The entire idea is that they haven't been sanitised.
> 
> These are the fields that will be saved to the database. They are not 
> for displaying.
> 
> For example, if you export a custom block, you want to export the PHP 
> that you entered, not the value the PHP generates.

I haven't really thought this through, but my concern is that some user 
submits a node with the text db_query("DELETE * FROM users"). Then you do a 
var_export() and then you do an include() in the import script. I am worried 
that this import will unknowingly cause damage.
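
Added example (not part of the original message or of the project's code): a PHP sketch of the var_export()/include() round trip discussed above, run on constructed field values. The names canary() and fields_needing_review() and the 'format' => 'php' convention are hypothetical; the sketch shows what include() does with var_export() output and which imported fields an importer would still want to flag for review.

```php
<?php
// Added example: constructed data and hypothetical helper names throughout.

$canary_calls = 0;
function canary() {            // stands in for a destructive call such as db_query()
    global $canary_calls;
    $canary_calls++;
}

// Constructed export: raw, unsanitised field values as they sit in the database.
$export = array(
    'node_body'  => 'canary(); db_query("DELETE * FROM users")',
    'tricky'     => "'; canary(); // \\' ?> <?php canary();",
    'block_body' => array('format' => 'php', 'body' => '<?php canary(); ?>'),
);

// Export step: var_export() emits each string as an escaped single-quoted literal.
$file = tempnam(sys_get_temp_dir(), 'distill');
file_put_contents($file, '<?php return ' . var_export($export, TRUE) . ';');

// Import step: include() parses those literals back into plain data.
$imported = include $file;
unlink($file);

var_dump($imported === $export);   // compares the imported data with the original
var_dump($canary_calls);           // how many times canary() ran during the include

// Values that the site later evaluates as PHP (such as a custom block body)
// are still code once saved. Hypothetical importer check: list those fields
// so an administrator can review them before they reach the database.
function fields_needing_review(array $data) {
    $flagged = array();
    foreach ($data as $name => $value) {
        if (is_array($value) && isset($value['format']) && $value['format'] === 'php') {
            $flagged[] = $name;
        }
    }
    return $flagged;
}

print_r(fields_needing_review($imported));
```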

