Tue Jun 7 21:06:58 2005
Ticket #1129
Strip <?php tags from all input fields
| Priority: | normal | Reporter: | paul |
|---|---|---|---|
| Severity: | minor | Assigned to: | raed |
| Component: | Security | Status: | new |
| Version: | none | Resolution: | |
| Milestone: | 2.5.0 | Keywords: |
Description by paul:
Dont allow people to try to hack the server by putting PHP tags in fields that are displayed on the frontend. The PHPwrapper will see them and execute them. We could filter out most things using the Input.php class. The template editor also needs to filter these out.
Changelog
Tue Jun 7 21:10:10 2005: Modified by paul
- summary changed from Strip <?php tags from template editor input to Strip <?php tags from all input fields
Mon Sep 5 22:26:19 2005: Modified by paul
- description changed.
- owner changed from anonymous to raed
Fri Dec 2 20:39:18 2005: Modified by paul
- milestone changed from 2.4.0 to 2.5.0
- version changed from 2.4.0 to none
This should be fixed by raed during his security review.