basic developer rules

author cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>

Mon, 2 Nov 2009 09:41:32 +0000 (09:41 +0000)

committer cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>

Mon, 2 Nov 2009 09:41:32 +0000 (09:41 +0000)
author cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
Mon, 2 Nov 2009 09:41:32 +0000 (09:41 +0000)
committer cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
Mon, 2 Nov 2009 09:41:32 +0000 (09:41 +0000)
diff --git a/doc/developers/rules b/doc/developers/rules

new file mode 100644 (file)

index 0000000..701a215
--- /dev/null
+++ b/doc/developers/rules
@@ -0,0 +1,30 @@
+Rules for developers
+====================
+
+1. Coding style
+---------------
+SemanticScuttle uses the PEAR Coding Standards.
+While quite some parts still do not follow them, all of the
+code will be coverted to them. When developing new code,
+adhere to it.
+
+A helpful tool to check your coding style is PHP CodeSniffer,
+http://pear.php.net/package/PHP_CodeSniffer
+
+
+2. Unit tests
+-------------
+At least the service and model classes have unit tests.
+If you fix things in there, make sure you
+a) do not break the tests or
+b) fix the tests if the old behavior was broken
+
+
+3. Keep security in mind
+------------------------
+As a web application, there are several attack vectors to SemanticScuttle.
+When processing user input (form variables, URL parameters)
+be sure to convert and validate them. If you expect a bookmark id,
+there is no reason not to cast the variable to (int).
+
+Filter input, escape output.
author	cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
	Mon, 2 Nov 2009 09:41:32 +0000 (09:41 +0000)
committer	cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
	Mon, 2 Nov 2009 09:41:32 +0000 (09:41 +0000)