Opened 11 years ago

Closed 10 years ago

#513 closed Bug/Fehler (fixed)

application_top.php - inputfilter too late

Reported by: Volker Strähle
Owned by: somebody
Priority: normal
Milestone: modified-shop-2.0.0.0
Component: Security
Version: 2.0.0.0
Keywords:
Cc:
Blocked By:
Blocking:

Description

The section

// security inputfilter for GET/POST/COOKIE
require (DIR_WS_CLASSES.'class.inputfilter.php');
$InputFilter = new InputFilter();
/**/
$_GET = $InputFilter->process($_GET);
$_POST = $InputFilter->process($_POST);
$_REQUEST = $InputFilter->process($_REQUEST);
$_GET = $InputFilter->safeSQL($_GET);
$_POST = $InputFilter->safeSQL($_POST);
$_REQUEST = $InputFilter->safeSQL($_REQUEST);

is executed too late in application_top.
It should definitely come before

// include the list of project filenames
require (DIR_WS_INCLUDES.'filenames.php');

or at least before the first autoinclude, since otherwise parameters can be passed in without being checked.
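
A regression check for the ordering the ticket asks for, as an added example that is not part of the ticket or of modified-shop: it lists require/include statements that appear before the last `$InputFilter->` call in a file's source. It is a line-based heuristic that does not follow nested includes; the two sample sources and the `PLACEHOLDER_autoinclude.php` name are constructed.

```php
<?php
// Added example, not modified-shop code: a line-based heuristic that lists
// require/include statements placed before the request filter has finished.
function includes_before_filter(string $source): array
{
    $lines = explode("\n", $source);
    // Input counts as filtered only after the last $InputFilter-> call;
    // with no such call, every include in the file is reported.
    $boundary = count($lines);
    foreach ($lines as $i => $line) {
        if (strpos($line, '$InputFilter->') !== false) {
            $boundary = $i;
        }
    }
    $early = [];
    for ($i = 0; $i < $boundary; $i++) {
        $code = trim($lines[$i]);
        // Loading the filter class itself has to happen before filtering.
        if (strpos($code, 'class.inputfilter.php') !== false) {
            continue;
        }
        if (preg_match('/^(require|include)(_once)?\b/', $code)) {
            $early[] = sprintf('line %d: %s', $i + 1, $code);
        }
    }
    return $early;
}

// Constructed sample: the ordering the ticket reports (abridged).
$reported = <<<'SRC'
require (DIR_WS_INCLUDES.'filenames.php');
require (DIR_WS_INCLUDES.'PLACEHOLDER_autoinclude.php'); // constructed name
require (DIR_WS_CLASSES.'class.inputfilter.php');
$InputFilter = new InputFilter();
$_GET = $InputFilter->process($_GET);
$_GET = $InputFilter->safeSQL($_GET);
SRC;
// Constructed sample: the ordering the ticket asks for.
$requested = <<<'SRC'
require (DIR_WS_CLASSES.'class.inputfilter.php');
$InputFilter = new InputFilter();
$_GET = $InputFilter->process($_GET);
$_GET = $InputFilter->safeSQL($_GET);
require (DIR_WS_INCLUDES.'filenames.php');
SRC;
foreach (['reported' => $reported, 'requested' => $requested] as $name => $src) {
    $hits = includes_before_filter($src);
    echo $name, ': ', $hits ? implode('; ', $hits) : 'no early includes', "\n";
}
```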

Change History (1)

comment:1 by Gerhard Waldemair, 10 years ago

Resolution: fixed
Status: new → closed

In 8375:

fix #513
