Ticket #1129 (new defect)

Opened 5 years ago

Last modified 4 years ago

Strip <?php tags from all input fields

Reported by: paul Assigned to: anonymous
Priority: normal Milestone: zero
Component: Security Version: none
Severity: minor Keywords:
Cc:

Description (Last modified by paul)

Dont allow people to try to hack the server by putting PHP tags in fields that are displayed on the frontend. The PHPwrapper will see them and execute them. We could filter out most things using the Input.php class. The template editor also needs to filter these out.

Change History

06/07/05 21:10:10 changed by paul

  • summary changed from Strip <?php tags from template editor input to Strip <?php tags from all input fields.

09/05/05 22:26:19 changed by paul

  • owner changed from anonymous to raed.
  • description changed.

This should be fixed by raed during his security review.

12/02/05 20:39:18 changed by paul

  • version changed from 2.4.0 to none.
  • milestone changed from 2.4.0 to 2.5.0.

01/18/06 14:59:08 changed by paul

  • milestone changed from 2.5.0 to 2.6.0.

03/07/06 05:12:31 changed by paul

  • milestone changed from 2.6.0 to 3.0.0.

03/22/06 21:03:43 changed by paul

  • owner changed from raed to anonymous.
  • milestone changed from 3.0.0 to none.