[geeklog-devel] code scrubbing: stripslashes

Oliver Spiesshofer oliver at spiesshofer.com
Mon Aug 13 04:51:20 EDT 2007


With the changes done during some of the upgrades I seriously doubt the 
site will work if the upgrade of that file is not done.
Just take COM_createLink. w/o that one, almost every page that creates 
any kind of link crashes.

Oliver

Michael Jervis wrote:
> I think the /concept/ is right, doing an auto-and-correct stripslashes
> on all HTTP globals on start of the page. Obviously as noted the
> implementation is incorrect.
>
> Should be reasonably easy to clean up everything.
>
> Only problem is if someone badly upgrades their lib-common.php when
> upgrading, they may have a gaping hole in their security...
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
>
>   




More information about the geeklog-devel mailing list