[prev in list] [next in list] [prev in thread] [next in thread]
List: smarty-dev
Subject: [SMARTY-DEV] special_chars filter enabled on y1
From: Rasmus Lerdorf <rasmus () lerdorf ! com>
Date: 2007-03-18 6:11:18
Message-ID: 45FCD806.4080501 () lerdorf ! com
[Download RAW message or body]
y1 hosts gtk.php.net along with smarty, qa, bugs and master. I looked
through the php-gtk-web code and there was absolutely no XSS protection
in there. Instead of trying to fix it I enabled the filter. If that
site needs raw user input for something, please add the appropriate
filter_input() calls. If any of these other sites need raw input, we
can either turn off the filter for these, or add filter_input() calls.
Offhand I don't see where these other sites need it, but I could easily
have missed something.
-Rasmus
--
Smarty Development Mailing List (http://smarty.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic