Closed (fixed)
Project: Discuss This!
Version: 5.x-1.x-dev
Component: Code
Priority: Critical
Category: Task
Assigned:
Reporter:
Created: 20 Jun 2008 at 13:29 UTC
Updated: 8 Jul 2008 at 12:42 UTC
A major piece of work I've yet to complete for this module is to review it for security holes and ensure that the access permissions are working as desired.
Comments
Comment #1
spiderman
will be committing a patch for this later today..
Comment #2
spiderman
considering this fixed as of commit #123086, tho I'm not 100% sure I've done the right thing with the check_plain I added in the _discussthis_set_topic function..
Comment #3
toemaz commented
check_plain is not required here because $title is checked when injected into the query.
Comment #4
spiderman
ah, sweet- thanks for the tip! i kinda thought i was being overzealous, but didn't want to be underzealous, anyway ;)
i'll remove that line in a subsequent commit, and consider this issue closed. fortunately, the module doesn't really do anything much with user input, so it's relatively easy to keep things secure.
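Added example, not the module's code and not part of any comment above: a stand-alone PHP sketch of the point discussed in comments #2 to #4, storing a title through a bound query parameter and HTML-escaping it only at output. The table `demo_topic` and the `demo_*` functions are hypothetical; `demo_check_plain()` stands in for Drupal's `check_plain()`, PDO parameter binding stands in for the `'%s'` placeholder of `db_query()`, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Stand-in for Drupal's check_plain(): HTML-escapes text for output.
function demo_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical storage helper: the title travels as a bound parameter,
// so the database layer takes care of SQL quoting.
function demo_set_topic(PDO $db, $nid, $title) {
  $stmt = $db->prepare('INSERT INTO demo_topic (nid, title) VALUES (:nid, :title)');
  $stmt->execute(array(':nid' => $nid, ':title' => $title));
}

// Hypothetical read helper: returns the title exactly as stored.
function demo_get_title(PDO $db, $nid) {
  $stmt = $db->prepare('SELECT title FROM demo_topic WHERE nid = :nid');
  $stmt->execute(array(':nid' => $nid));
  return $stmt->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_topic (nid INTEGER PRIMARY KEY, title TEXT)');

// Constructed sample title containing both SQL and HTML metacharacters.
$title = "Tom's <b>R&D</b> thread";

// Case 1: store the raw title, escape once when rendering.
demo_set_topic($db, 1, $title);
$stored_raw = demo_get_title($db, 1);

// Case 2: escape before storing; the output layer then escapes a second time.
demo_set_topic($db, 2, demo_check_plain($title));
$stored_escaped = demo_get_title($db, 2);

// The single quote did not break the query and the data round-trips unchanged.
echo 'stored unchanged: ', var_export($stored_raw === $title, TRUE), "\n";
// Escaped once at output: markup is neutralised and the text reads correctly.
echo 'case 1 output:    ', demo_check_plain($stored_raw), "\n";
// Escaped at input and again at output: entities are double-encoded.
echo 'case 2 output:    ', demo_check_plain($stored_escaped), "\n";
```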
Comment #5
Anonymous (not verified) commented
Automatically closed -- issue fixed for two weeks with no activity.