[geeklog-devel] code scrubbing: stripslashes
Oliver Spiesshofer
oliver at spiesshofer.com
Mon Aug 13 04:51:20 EDT 2007
With the changes done during some of the upgrades I seriously doubt the
site will work if the upgrade of that file is not done.
Just take COM_createLink. Without that one, almost every page that creates
any kind of link crashes.
Oliver
Michael Jervis wrote:
> I think the /concept/ is right, doing an auto-and-correct stripslashes
> on all HTTP globals on start of the page. Obviously as noted the
> implementation is incorrect.
>
> Should be reasonably easy to clean up everything.
>
> Only problem is if someone badly upgrades their lib-common.php when
> upgrading, they may have a gaping hole in their security...