[geeklog-devel] Re: [geeklog-announce] Geeklog 1.3.8-1sr4 and 1.3.7sr5 security updates

Blaine Lang geeklog at langfamily.ca
Mon Jan 26 17:56:29 EST 2004


Dirk wrote:
>> There's that tedious bit of work of having to review each and every
>> parameter that's passed in a POST or GET and applying COM_applyFilter to
>> it. I've already decided to leave the admin/*.php files for later.
>> And while reviewing the code, I keep finding little oddities and bugs
>> (two of which are fixed in today's security release).
---
Sounds a lot like my experience with the current Forum Plugin version. I
also only added the GET and POST filter checks to the public scripts. And
every time I went back into a program, I'd find other things to change. It
seems the more I changed, the more little new bugs also appeared. Just a lot
of features and combinations to test.



