Josh

Reputation: 3823

Drupal 7: Using "global $user" secure?

In Drupal 7: Is there any major security issue with manually using PHP to pull from global $user, for uses such as displaying content to specific role(s) in my case? Or is it best practice to stick strictly to using Views/Panels/Blocks in the CMS to hide/display content?

Example:

    global $user;
    if (in_array('moderator', $user->roles)) {
      // reveal editable links
    }

Thanks

Upvotes: 0

Views: 112

Answers (1)

mikeharty

Reputation: 132

Assuming the code you're implementing is secure (i.e., there's no chance that the $user object can be overwritten and allow higher privileges to a lower-privileged user), there's nothing inherently insecure about using the global $user object.

That said, it's best practice to use views/blocks/panels wherever possible, to maintain a consistent and maintainable implementation.

Without more specific details, that's the most I can offer. Feel free to update your question and I will add more.

Upvotes: 2
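The overwrite risk the answer mentions, as an added example that is not part of the original question or answer: a stand-alone PHP script (no Drupal bootstrap) contrasting a helper that reassigns the global with one that keeps the loaded account local. The `$user` object and all `example_*` functions are constructed stand-ins, with `example_load_account()` playing the part of `user_load()`.

```php
<?php
// Constructed stand-in for Drupal 7's global $user: a stdClass whose
// roles array maps role ID => role name. Not real session data.
$user = (object) array(
  'uid' => 42,
  'roles' => array(2 => 'authenticated user'),
);

// Hypothetical loader standing in for user_load(); returns a constructed account.
function example_load_account($uid) {
  return (object) array(
    'uid' => $uid,
    'roles' => array(2 => 'authenticated user', 4 => 'moderator'),
  );
}

// Read-only role check: takes the account as a parameter and never writes to it.
function example_has_role($account, $role) {
  return in_array($role, $account->roles, TRUE);
}

// Unsafe: reassigns the global, so every later check in this request
// sees the loaded account instead of the visitor.
function example_author_is_moderator_unsafe($uid) {
  global $user;
  $user = example_load_account($uid);
  return example_has_role($user, 'moderator');
}

// Safe: the loaded account stays in a local variable.
function example_author_is_moderator_safe($uid) {
  $author = example_load_account($uid);
  return example_has_role($author, 'moderator');
}

// Check the visitor's own role before and after each helper runs.
$before = example_has_role($user, 'moderator');
example_author_is_moderator_safe(7);
$after_safe = example_has_role($user, 'moderator');
example_author_is_moderator_unsafe(7);
$after_unsafe = example_has_role($user, 'moderator');

var_dump($before, $after_safe, $after_unsafe);
```

The three dumped values show whether the visitor passes the moderator check before any call, after the safe helper, and after the unsafe one.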
