1. NOTICE: If you are using Fabrik and update to Joomla 3.10, you will need to update to Fabrik 3.10. And, if you are using Fabrik, do not upgrade to Joomla 4, we do not have a supported version ready for release. More information on a release date coming soon. Also, please note that Fabrik 3.10 will not install on any Joomla sites less than 3.8.
    Dismiss Notice

Variable collision in form php script

Discussion in 'Community' started by achartier, Sep 27, 2018.

  1. achartier

    achartier Active Member

    Level: Community
    When using a form php plugin that requests a php file it is possible to have a variable name collision if the file contains variables using the names $params, $this or $w.

    The php file is inserted using require or require_once which basically inserts the code inline into the php.php plugin at runtime.

    If the script file is not wrapped as a function, i.e. simply just a bunch of php code, it is possible to overwrite the value of these variables if the same variable names are used in the file, which can cause unpredictable results.

    Either the php.php plugin should eval the file or the wiki needs to be updated to ensure the script is wrapped into a function to protect against this collision.

    Actually, wrapping it in a function means you lose direct access to the formModel etc., so these either have to be passed in or some other means of protecting the variables needs to be implemented.

    Hugh, if you want the wiki updated I can do that, just need some guidance on which way you recommend solving the problem. Of course one way might be to simply state don't use $params, $w or $this is the php scripts, but this leave the onus on the coder to have read this bit.
     
    Last edited: Sep 27, 2018

Share This Page