Secure Coding Mode: Specifying which lines to display
In secure coding mode, the developer specifies the start and end line numbers that will be available for editing (in function isSecureCodingAllowed()). However, this is not the best way, because if the developer modifies the code in the future, the line numbers will change and the wrong lines will be displayed to the user.
Wouldn’t the developer update the metadata after changing the files?
Or can he define a file which the user can edit, and keep the rest un-editable?
-A
On Jul 19, 2014, at 10:59 AM, Shivam Dixit notifications@github.com wrote:
In secure coding mode, the developer specifies the start and end line numbers that will be available for editing (in function isSecureCodingAllowed()). However, this is not the best way, because if the developer modifies the code in the future, the line numbers will change and the wrong lines will be displayed to the user.
That is correct. I thought there might be some other alternative also.
Thanks!
Not sure if this would be a correct solution, but you can try using special comments with a custom format that you specify to allow the dev to specify editable portions. For instance:

```php
<?php
include 'somestuff.php';
/** EDITABLE:BEGIN */
$id=$_GET['id'];
$result = mysql_query("SELECT * FROM users WHERE id='$id'");
/** EDITABLE:END */
?>
```
You would have to do some work with parsing the files, but the end result would be an easier system for developers to write.
@captn3m0 Looks like a good idea to me!
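
One way to parse the marker comments suggested in the thread, as an added example that is not part of the original comments or the project's code. The function name `findEditableRegions`, its return shape, and the `config.php` line in the sample are assumptions; malformed markers raise an exception so a broken lesson file fails closed instead of exposing the wrong lines.

```php
<?php
// Added example: locate editable regions by marker comments instead of
// hard-coded line numbers. Names and return shape are hypothetical.
const MARK_BEGIN = '/** EDITABLE:BEGIN */';
const MARK_END   = '/** EDITABLE:END */';

/**
 * Return a list of ['start' => int, 'end' => int]: 1-based, inclusive line
 * numbers of the editable lines, with the marker lines themselves excluded.
 * An empty region (END directly after BEGIN) yields start > end.
 */
function findEditableRegions(string $source): array
{
    $regions = [];
    $open = null; // line number of the BEGIN marker that is currently open
    foreach (preg_split('/\R/', $source) as $i => $line) {
        $n = $i + 1;
        $text = trim($line);
        if ($text === MARK_BEGIN) {
            if ($open !== null) {
                throw new RuntimeException("Nested BEGIN at line $n (open since line $open)");
            }
            $open = $n;
        } elseif ($text === MARK_END) {
            if ($open === null) {
                throw new RuntimeException("END without BEGIN at line $n");
            }
            $regions[] = ['start' => $open + 1, 'end' => $n - 1];
            $open = null;
        }
    }
    if ($open !== null) {
        throw new RuntimeException("BEGIN at line $open is never closed");
    }
    return $regions;
}

// Constructed sample: the snippet from the thread, then the same file after
// the developer adds one line near the top (config.php is a made-up name).
$v1 = "<?php\ninclude 'somestuff.php';\n/** EDITABLE:BEGIN */\n\$id=\$_GET['id'];\n"
    . "\$result = mysql_query(\"SELECT * FROM users WHERE id='\$id'\");\n/** EDITABLE:END */\n?>";
$v2 = str_replace("<?php\n", "<?php\nrequire 'config.php';\n", $v1);

// The region follows the two marked statements in both versions, with no
// metadata update needed after the edit.
print_r(findEditableRegions($v1));
print_r(findEditableRegions($v2));
```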