[dev] [commits] Horde-Hatchery branch master updated.

Jan Schneider jan at horde.org
Sun Jul 12 14:04:35 UTC 2009


Changing all those img() calls (and I guess there are more coming) is  
not a good idea IMO. It opens another way to let XSS slip through.
I agree that Horde::img() is ugly, but until we have a real solution,  
we should not unnecessarily break all kinds of existing code.

Quoting Michael Rubinsky <mike at theupstairsroom.com>:

> The branch "master" has been updated.
> The following is a summary of the commits.
>
> from: 793fb366e18208b88c09fb8a6821d2f31f0eebc1
>
> 5ea8dd8... More places we can't use Horde::img() now since these  
> need to be fully qualified urls
>
> -----------------------------------------------------------------------
>
> commit 5ea8dd897ad9f4c289ec62d8ea9a226e671cde3a
> Author: Michael J. Rubinsky <mrubinsk at horde.org>
> Date:   Mon Jun 29 14:11:08 2009 -0400
>
>     More places we can't use Horde::img() now since these need to be fully
>     qualified urls
>
>  kronolith/lib/Event.php |   24 ++++++------------------
>  1 files changed, 6 insertions(+), 18 deletions(-)
>
> http://git.horde.org/diff.php/kronolith/lib/Event.php?rt=horde-hatchery&r1=793fb366e18208b88c09fb8a6821d2f31f0eebc1&r2=5ea8dd897ad9f4c289ec62d8ea9a226e671cde3a
>



Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/