Yups I did, he told me devel prefered an action-handler to add more security
But he didn't answer above question.
I am allso not good enough a programmer to write action_handlers, I looked in some of the code in latest svn but since I am a very old school programmer I am not getting it yet. I need a good working example to understand the code and altering it to my benefits.
Will try to rephrase the original question,
I am copying news 3.5 module to a new module, currently work name is 'articles' wich should have many more features then the news 3.5 module.
Since I am trying to clean up the code, merging simular files like move_up and move_down, modify_group and modify_post etc and save_post and save_group etc I stumble upon a difference in handling input within the same module, wich seem to me like a leftover from older versions.
To make sure I understand this correct I asked the question:
In news 3.5 there are 2 ways used to fetch submitted data
in save_comment.php, save_group.php and save_post.php the following syntax is used:
$fieldvariable = $admin->get_post_escaped('field');
in save_settings the following syntax is used:
$fieldvariable = $admin->add_slashes(str_replace($friendly, $raw, $_POST['field']));
It seems to me that save_settings.php still has the old way of fetching posted variables.
Surely since the security issues I wan't to create a save-as-possible-module.
That's basicly it
John
