We need high-level coding guidelines in confluence covering topics like:
- form handling
- no data changes using GET, including csrf handling
- escaping of user input
- escaping of output
- Link to our php coding guidelines in ezp-next wiki for in depth coding standars & guidelines*
Should be best practice as it should be enforced in 5.1.