This repository has been archived by the owner on Mar 8, 2021. It is now read-only.

Adjust incorrect sanitize processing #1066

Closed
yama opened this issue Dec 7, 2016 · 1 comment

@yama
Collaborator

yama commented Dec 7, 2016

https://github.com/modxcms/evolution/blob/develop/manager/processors/save_user.processor.php
Currently there is no problem, but I think a vulnerability is likely to occur.

  • Just before communicating with the DB, do escape
  • Just before displaying it in browser, do htmlspecialchars()

To make it easy to see and understand

yama added a commit that referenced this issue Dec 7, 2016
Make symbols such as &, <, >, ', " available as password strings
yama added a commit that referenced this issue Dec 7, 2016
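The rule proposed in the issue (escape at the database boundary, `htmlspecialchars()` at the display boundary), as an added example that is not the project's code or the referenced commit. It assumes PDO with an in-memory SQLite database; the table, columns and the `saveUser()` and `h()` helpers are hypothetical, and bound parameters plus `password_hash()` stand in for whatever escaping and hashing the processor itself uses.

```php
<?php
declare(strict_types=1);

// Constructed input: a name and a password containing &, <, >, ' and ".
$input = [
    'fullname' => 'O\'Neil <admin> & "co"',
    'password' => 'p&ss<w>o\'r"d',
];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, fullname TEXT, pwhash TEXT)');

// Storage boundary: raw values are passed as bound parameters, so SQL quoting
// happens here and nowhere earlier. No HTML encoding is applied to stored data.
function saveUser(PDO $pdo, array $in): int
{
    $stmt = $pdo->prepare('INSERT INTO users (fullname, pwhash) VALUES (:n, :h)');
    $stmt->execute([
        ':n' => $in['fullname'],
        ':h' => password_hash($in['password'], PASSWORD_DEFAULT), // raw password
    ]);
    return (int) $pdo->lastInsertId();
}

// Display boundary: HTML-encode only at the moment a value is rendered.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$id  = saveUser($pdo, $input);
$sel = $pdo->prepare('SELECT fullname, pwhash FROM users WHERE id = ?');
$sel->execute([$id]);
$row = $sel->fetch(PDO::FETCH_ASSOC);

// The stored name must be byte-for-byte what was submitted.
if ($row['fullname'] !== $input['fullname']) throw new RuntimeException('name altered in storage');
// The password must verify exactly as the user typed it.
if (!password_verify($input['password'], $row['pwhash'])) throw new RuntimeException('raw password rejected');
// A copy sanitized on input is a different string: hashing or comparing it
// would silently change the credential, which is why symbols must pass through.
if (password_verify(h($input['password']), $row['pwhash'])) throw new RuntimeException('encoded password accepted');

// Rendering: markup characters in the name are neutralized only here.
echo '<td>' . h($row['fullname']) . "</td>\n";
```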
@Dmi3yy
Collaborator

Dmi3yy commented Dec 8, 2016

can close? fixed?

@yama yama closed this as completed Dec 8, 2016