
List:       smarty-dev
Subject:    [SMARTY-DEV] special_chars filter enabled on y1
From:       Rasmus Lerdorf <rasmus () lerdorf ! com>
Date:       2007-03-18 6:11:18
Message-ID: 45FCD806.4080501 () lerdorf ! com

y1 hosts gtk.php.net along with smarty, qa, bugs and master.  I looked
through the php-gtk-web code and there was absolutely no XSS protection
in there.  Instead of trying to fix it I enabled the filter.  If that
site needs raw user input for something, please add the appropriate
filter_input() calls.  If any of these other sites need raw input, we
can either turn off the filter for these, or add filter_input() calls.
Offhand I don't see where these other sites need it, but I could easily
have missed something.

-Rasmus

-- 
Smarty Development Mailing List (http://smarty.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
