Some few days after my last Quantum Star SE CVS release I’ve gotten around to making further changes to the PHP Game Framework being used. The major difference is a change in focus to make InputFilter data compulsory for all Commands. My justification for this change is that the major risk attached to QS2/SE has always been the innocent level of trust granted to users (SE/QS2 never filtered input).

So whenever a developer adds a Command – they will either have to add an accompanying InputFilter Data object (to define expected data in the Request) or put up with a User Fatal Error from the ErrorHandler. This may cause a few pains when we get to a stage where plugins and user modules can be added – but I think its just the safest course of action. Having definition on per Command rather than a per Page basis may seem like overkill to some – but it imposes a very strict policy on what data is allowed into the game to start with.

The Front Controller is now also nearly finished. It will parse a three sectioned ACTION request query variable which will resolve down to Module and Command (where Commands may be doubled for aggregates, e.g. System=>SignupDisplay, System=>SignupProcess, etc). It also handles Default Commands, Module Index Commands, etc., since not all actions require the full three Command references. There is one last Intercepting Filter to add to ensure magic_quotes is dealt with, and our input data is maintained in a form amenable to filtering. The others are all in place and have been tested. I am debating whether to add a PHP Compat filter or not. I think I will leave it out for the initial releases and see whether it is a benefit that would outweigh the extra include cost.

A few other changes were put through to allow future migration of the user_accounts table horizontally to Q-CMS when we get the CMS built. At the moment the System module will handle signups and logins – this is a temporary measure. I’ve also fixed some very minor bugs in parsing the REQUEST “action” value so it maps correctly to the relevant Command object and InputFilterData definition object. Other changes are to remove the Game prefix from the Module and Plugins directories (the Framework is going to be shared with Q-CMS rather than duplicating the code) which will keep the PGF generic and modular. Smarty-Lite has been dropped in favour of Smarty (the Lite version is pretty crap and not all that “Lite”).

My final concern is being as friendly as possible to shared hosts. I really need to implement the final database session feature – which has been included in ADODB-Lite at last. SQL result caching is something I will be pushing for also. Matt did an excellent job in making large reductions to memory use with the Q-LIB library – one of those unexpected deliveries he made. Matt made a lot of unexpected deliveries! I’m also looking to apply TDD in retrospect – I will assume a fresh start and see what falls out of the TDD learning process…;-)

Related posts:

  1. MVC and FrontController: QS 3-0.10