In-Portal CMS: 5.0.x r12229

Author: alex
Branch: 5.0.x
Timestamp: 2009-08-08 03:37:17

Affected Issues
0000209: Escape and Limit all Environment variables passed in GET

Changeset |
1. Fixes #0000209: Escape and Limit all Environment variables passed in GET.
2. We already escape anything that goes from request to database queries to prevent SQL injections.
3. Add check for "../" (prevents going outside In-Portal directory) and for whitespace-like symbols (makes sure that ".tpl" is always added at the end of template name) in template names.

mod - /in-portal/branches/5.0.x/core/kernel/nparser/nparser.php
mod - /in-portal/branches/5.0.x/core/kernel/parser/template.php
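
The template-name check described in item 3 of the changeset message, sketched as an added example. This is not the code from this commit or from In-Portal: the function name `resolve_template`, the temporary directory and the sample names are assumptions, and the canonical-path comparison at the end goes beyond what the message describes.

```php
<?php
// Added illustration, not In-Portal code. resolve_template() is a hypothetical name.

/** Map a request-supplied template name to a file under $baseDir, or return null. */
function resolve_template(string $name, string $baseDir): ?string
{
    // Reject parent-directory segments written with either slash style.
    if (preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $name)) {
        return null;
    }
    // Reject empty names and any whitespace or control character (NUL included),
    // so the ".tpl" suffix appended below is always the real end of the file name.
    if ($name === '' || preg_match('/[\s\x00-\x1F\x7F]/', $name)) {
        return null;
    }
    $path = rtrim($baseDir, '/\\') . DIRECTORY_SEPARATOR . $name . '.tpl';

    // Beyond the commit message: compare canonical paths, which also covers symlinks.
    $realBase = realpath($baseDir);
    $realPath = realpath($path);
    if ($realBase === false || $realPath === false) {
        return null; // missing base directory or missing template
    }
    $prefix = $realBase . DIRECTORY_SEPARATOR;
    return strncmp($realPath, $prefix, strlen($prefix)) === 0 ? $realPath : null;
}

// Constructed sample data: a throwaway template directory and request values.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . uniqid();
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'index.tpl', '<p>home</p>');

$samples = ['index', '../outside', '..\\outside', "index\n", "index\0.php", 'index .php', 'missing'];
foreach ($samples as $name) {
    $result = resolve_template($name, $base);
    printf("%-22s => %s\n", json_encode($name), $result === null ? 'rejected' : 'accepted');
}

unlink($base . DIRECTORY_SEPARATOR . 'index.tpl');
rmdir($base);
```

Only `index` is accepted; `missing` is rejected by the canonical-path step because no such template exists, not by the name checks.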