Posted by obsidiandesign on August 3, 2008 at 10:04pm
| Project: | Signup Pay for a node |
| Version: | 5.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | minor |
| Assigned: | Unassigned |
| Status: | postponed (maintainer needs more info) |
Issue Summary
While searching for a solution to the apostrophe problems I was having, it came up that check_plain() is for outputting text to the user; using it before inserting data into the database isn't necessary. Not a big issue, but I thought I'd propose removing check_plain() from each of the $_POST variables inside signup_pay_paypal_ipn().
Thanks for a really handy module.
| Attachment | Size |
|---|---|
| signup_pay.module_check_plain.patch | 1.61 KB |
Comments
#1
I think this is an OK approach, consistent with what core does (filter on output, not input).
However, on an existing site, this would cause data inconsistency, with some rows escaped and some not escaped.
So, I am looking for more input from the community at large on whether to create a hook_update_N() to unescape the old data, or just let it be, because the module is still in a -dev release.
#2
I like the consideration to apply an update with this patch.
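The difference between escaping on input and escaping on output, and why the update discussed in comment #1 has to know which rows are already escaped, shown as an added example (not code from the module or its patch). `example_check_plain()` is a stand-in for `check_plain()`, `example_unescape_once()` is a hypothetical helper, and the sample rows, the `created` field and the cutoff timestamp are constructed assumptions.

```php
<?php
// Stand-in for Drupal's check_plain(): HTML-escape text for output.
// Assumption: the UTF-8 validation the real function performs is omitted.
function example_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper an update could use: undo exactly one level of escaping.
function example_unescape_once($text) {
  return htmlspecialchars_decode($text, ENT_QUOTES);
}

// Constructed value, shaped like a name field arriving in an IPN POST.
$posted = "O'Brien & Sons";

// Escape on input: the entity-encoded form goes into the database.
$stored_escaped = example_check_plain($posted);
// Filter on output: the raw text is stored; SQL quoting is left to the
// database layer's placeholders, not to an HTML escaper.
$stored_raw = $posted;

// A page that escapes on output double-encodes the first form.
printf("escaped on input, rendered: %s\n", example_check_plain($stored_escaped));
printf("raw in storage, rendered:   %s\n", example_check_plain($stored_raw));

// Constructed rows for a site that ran both versions of the handler.
$cutoff = 1217800000; // assumed time the patched code was deployed
$rows = array(
  array('created' => 1217000000, 'name' => 'O&#039;Brien &amp; Sons'), // old, escaped
  array('created' => 1218000000, 'name' => "O'Brien & Sons"),          // new, raw
  array('created' => 1218000500, 'name' => 'Use &amp; in HTML'),       // new, raw, literal entity
);

// Decode only rows written before the cutoff. Decoding every row would
// rewrite the third value to "Use & in HTML", changing what was submitted.
foreach ($rows as $i => $row) {
  if ($row['created'] < $cutoff) {
    $rows[$i]['name'] = example_unescape_once($row['name']);
  }
  printf("%d: %s\n", $row['created'], $rows[$i]['name']);
}
```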