Sandbox for bw legacy scripts

Some problems we can still run into:

• bw global scope is turned into rox method scope. This means, all the variables declared in bw global scope will become local function variables, and can no longer be used as "global $x" inside bw functions. This does not apply to PHP superglobals ($_GET, $_SESSION, etc), and to $_SYSHCVOL (which is declared in RoxLauncher?)

oops, the above explanation is not really helpful.

What actually happens is this:

Traditional way, for bw.org/bw/mymessages.php:

• we start with htdocs/bw/mymessages.php
• from there we include htdocs/bw/lib/tbinit.php
• from there we include roxlauncher/roxlauncher.php, create a fresh RoxLauncher, and say $launcher->initBW();
• the launcher does all the TB stuff and global settings that are needed for BW.

Sandboxed way, for bw.org/bewelcome/mymessages.php:

• we start with htdocs/index.php (thanks to apache rewrite rule and .htaccess)
• from there the roxlauncher is started, as described in RequestRouting and InversionOfControl.
• the RoxFrontRouter? looks at the request and the build/bw/alias.ini, and decides that this request should be handled by the BwController
• The BwController (in build/bw) returns a BwPage, which finally includes the htdocs/bw/mymessages.php, as if it was a template
• The mymessages.php includes the tbinit.php, which does nothing in this case (because it finds that the class RoxLauncher? already exists)
• The mymessages.php includes some other files from htdocs/bw...

is it really worth to invest time and energy into this? it worked fairly well so far (I am sure there are more severe security issues than this one) and we should rather spend the time on getting rid of the bw part than integrating it better.

This can be used to partly get rid of /bw/ stuff, for example the whole layout stuff. And it can be used to gradually make a transition towards Rox. See MigrationToRox