[geeklog-devel] code scrubbing: stripslashes
oliver at spiesshofer.com
Mon Aug 13 04:51:20 EDT 2007
With the changes done during some of the upgrades I seriously doubt the
site will work if the upgrade of that file is not done.
Just take COM_createLink. w/o that one, almost every page that creates
any kind of link crashes.
Michael Jervis wrote:
> I think the /concept/ is right, doing an auto-and-correct stripslashes
> on all HTTP globals on start of the page. Obviously as noted the
> implementation is incorrect.
> Should be reasonably easy to clean up everything.
> Only problem is if someone badly upgrades their lib-common.php when
> upgrading, they may have a gaping hole in their security...
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
More information about the geeklog-devel