
WebBasket: User input has to be better washed and sanitized #879

Closed
invenio-developers opened this Issue · 4 comments

2 participants

@invenio-developers
Collaborator

Originally by nkasioum (@kasioumis) on 2012-01-30

User input should be carefully washed and sanitized before used and displayed to avoid unexpected behavior and exploits. The same goes for DB functions' output.

@invenio-developers
Collaborator

Originally by Nikolaos Kasioumis nikolaos.kasioumis@cern.ch on 2012-02-10

In [3b12ca3]:

#CommitTicketReference repository="" revision="3b12ca392b4ab70b9b3c8d997fcfbf1bcab7a12c"
WebBasket: many small fixes and improvements

- Replaces various dblayer functions that would return faulty values
  due to GROUP_CONCAT with improved versions of them. Improves handling
  and parsing of the values returned by the dblayer functions to create
  the main WebBasket interface. Removes all calls of the eval() function
  and replaces them with safer functions. Sanitizes user input coming
  from GET and POST variables. Sanitizes special HTML characters
  like '&'.
  (closes #879)

- Improves creation of HTML Select form elements to be compatible with
  all major browsers.
  (closes #878)
@invenio-developers
Collaborator

Originally by Nikolaos Kasioumis nikolaos.kasioumis@cern.ch on 2012-08-09

In 3b12ca3:

#CommitTicketReference repository="" revision="3b12ca392b4ab70b9b3c8d997fcfbf1bcab7a12c"
WebBasket: many small fixes and improvements

- Replaces various dblayer functions that would return faulty values
  due to GROUP_CONCAT with improved versions of them. Improves handling
  and parsing of the values returned by the dblayer functions to create
  the main WebBasket interface. Removes all calls of the eval() function
  and replaces them with safer functions. Sanitizes user input coming
  from GET and POST variables. Sanitizes special HTML characters
  like '&'.
  (closes #879)

- Improves creation of HTML Select form elements to be compatible with
  all major browsers.
  (closes #878)
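The commit above names three defensive changes: stop turning GROUP_CONCAT output into Python objects with eval(), wash GET/POST arguments, and escape HTML special characters such as '&' before display. The following is an added illustration of those three patterns and is not Invenio's own code; the sample strings, function names and the assumption that GROUP_CONCAT returns a comma-separated list of integer ids are constructed for the example.

```python
"""Added example (not Invenio's code): safe handling of the data paths the
WebBasket commit describes, written from a defender's point of view."""
import html
import re

# Constructed sample of a GROUP_CONCAT column: basket ids joined by commas.
# Passing such a string to eval() would execute whatever expression the row
# happened to contain, so the parser below accepts only the expected shape.
SAMPLE_GROUP_CONCAT = "12,7,42"
# Constructed: a value that is *not* a list of ids and must be rejected.
UNEXPECTED_GROUP_CONCAT = "__import__('os').getcwd()"

_INT_LIST = re.compile(r"^\d+(,\d+)*$")


def is_id_list(value):
    """True only if value is a comma-separated list of non-negative integers."""
    return isinstance(value, str) and bool(_INT_LIST.match(value))


def parse_id_list(value):
    """Parse a GROUP_CONCAT id list without eval().

    Returns a list of ints; an empty/None value yields []; anything that is
    not purely digits and commas raises ValueError instead of being executed.
    """
    if value is None or value == "":
        return []
    if not is_id_list(value):
        raise ValueError("expected comma-separated integers, got %r" % (value,))
    return [int(part) for part in value.split(",")]


def wash_int(raw, default=0):
    """Coerce a GET/POST argument to int, falling back to a safe default."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        return default


def wash_text(raw, max_len=255):
    """Normalise a free-text argument (e.g. a basket name): str only, trimmed."""
    if not isinstance(raw, str):
        return ""
    return raw.strip()[:max_len]


def render_basket_name(name):
    """Escape a user-supplied name for HTML output; '&' becomes '&amp;' so the
    browser cannot read it as the start of an entity, and <, >, ", ' likewise."""
    return html.escape(wash_text(name), quote=True)
```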