[dev] [cvs] commit: ansel/gallery sort.php
Chuck Hagenbuch
chuck at horde.org
Tue Mar 18 15:29:49 UTC 2008
Quoting Duck <duck at obala.net>:
>> Modified files:
>> gallery sort.php
>> Log:
>> escape
>>
>> Revision Changes Path
>> 1.17 +2 -2 ansel/gallery/sort.php
>>
>> Chora Links:
>> http://cvs.horde.org/diff.php/ansel/gallery/sort.php?r1=1.16&r2=1.17&ty=u
>
> why, as IDs are integers?
Because they come from the database, and as such should be escaped.
I'm using the taint mode mod to PHP to catch stuff like this
(ftp://ftp.porcupine.org/pub/php/).
-chuck