id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking
513	application_top.php - inputfilter zu spät	Volker Strähle	somebody	"Der Bereich

{{{
// security inputfilter for GET/POST/COOKIE
require (DIR_WS_CLASSES.'class.inputfilter.php');
$InputFilter = new InputFilter();
/**/
$_GET = $InputFilter->process($_GET);
$_POST = $InputFilter->process($_POST);
$_REQUEST = $InputFilter->process($_REQUEST);
$_GET = $InputFilter->safeSQL($_GET);
$_POST = $InputFilter->safeSQL($_POST);
$_REQUEST = $InputFilter->safeSQL($_REQUEST);

}}}
wir in der application_top zu spät ausgeführt.
Das sollte unbedingt vor 
{{{
// include the list of project filenames
require (DIR_WS_INCLUDES.'filenames.php');
}}}
stehen, mindestens jedoch vor dem ersten autoinclude, da sonst Parameter ohne Prüfung übergeben werden können.
"	Bug/Fehler	closed	normal	modified-shop-2.0.0.0	Sicherheit	2.0.0.0	fixed