[geeklog-devel] code scrubbing: stripslashes

Michael Jervis mjervis at gmail.com
Mon Aug 13 04:44:05 EDT 2007


I think the /concept/ is right, doing an auto-and-correct stripslashes
on all HTTP globals on start of the page. Obviously as noted the
implementation is incorrect.

Should be reasonably easy to clean up everything.

Only problem is if someone badly upgrades their lib-common.php when
upgrading, they may have a gaping hole in their security...



More information about the geeklog-devel mailing list