Run variables taken from $_POST through check_plain(). Use !empty() instead of isset() when checking if these variables are present.
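
The pattern this issue asks for, shown as an added example that is not the module's own code. The function names and field names are hypothetical, `example_check_plain()` is a stand-in that mirrors what Drupal 7's `check_plain()` does so the snippet runs outside Drupal, and the `is_string()` guard is an extra assumption of this example.

```php
<?php
// Stand-in for Drupal 7's check_plain(): HTML-escape with ENT_QUOTES, UTF-8.
function example_check_plain($text) {
  return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Before: isset() is TRUE for an empty string, and the raw value is returned,
// so markup from the request reaches whatever prints it.
function example_field_before(array $post, $key) {
  return isset($post[$key]) ? $post[$key] : NULL;
}

// After: !empty() treats a missing key and an empty value the same way, and
// the value is escaped before use. The is_string() guard (added here) rejects
// array input such as tags[]=a, which htmlspecialchars() cannot handle.
// Caveat: empty() is also TRUE for the string "0", so a field where "0" is a
// legitimate value needs an explicit comparison instead.
function example_field_after(array $post, $key) {
  if (empty($post[$key]) || !is_string($post[$key])) {
    return NULL;
  }
  return example_check_plain($post[$key]);
}

// Constructed sample input standing in for $_POST.
$post = array(
  'title' => '<em>Report</em> & "notes"',
  'comment' => '',
  'count' => '0',
  'tags' => array('a', 'b'),
);

// Print both results per field; "missing" is deliberately absent from $post.
foreach (array('title', 'comment', 'count', 'tags', 'missing') as $key) {
  printf("%-8s before=%s after=%s\n", $key,
    var_export(example_field_before($post, $key), TRUE),
    var_export(example_field_after($post, $key), TRUE));
}
```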

Comments

Status: Active » Patch (to be ported)

Fixed in 78c456a.

Version: 7.x-1.x-dev » 6.x-1.x-dev

Assigned: Liam Morland » Unassigned

  • Liam Morland committed 78c456a on 7.x-1.x, 7.x-2.x
    Issue #1732780: Improve handling of $_POST. Use check_plain() on these...

  • Liam Morland committed 78c456a on 8.x-2.x
    Issue #1732780: Improve handling of $_POST. Use check_plain() on these...

  • Liam Morland committed 78c456a on 6.x-2.x
    Issue #1732780: Improve handling of $_POST. Use check_plain() on these...

  • hass committed 0a0c069 on 6.x-1.x authored by Liam Morland
    Issue #1732780 by Liam Morland: Improve handling of $_POST
    
Status: Patch (to be ported) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.