[Phpslash-devel] yet more suggestions for .73...
From: Luis M <le...@ho...> - 2003-05-10 23:32:13
Ummm, it seems that posting code to an article causes phpslash to parse the code. This makes yet another suggestion for the future release:

#. Do not parse code coming from articles. Things like having $php variables, or {VAR} containers for templates... They should all be escaped if the text comes from an article. That could potentially eliminate all types of cross-site scripting and SQL-code injection that <i>might</i> be lurking in the phpslash code... At least people should have the option to turn code parsing off, in case somebody actually wants to allow this for his/her site.

Suggestions?

P.S. For the meantime I'll try to escape as much as I can by hand (as I usually do).

----)(-----
Luis Mondesi
System Administrator
LatinoMixed.com
le...@ho...

"...The Mac does this so smoothly, it feels like an extension of your mind." - Paula Speer, MacWorld Magazine 2003-04

Public signature: http://www.latinomixed.com/lems1/public-a.asc
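
An added example, not part of the original post and not phpSlash code: a sketch of the escaping suggested above, with an opt-out switch. `render_template`, `render_page` and `escape_article` are hypothetical names, the two-pass `{VAR}` renderer is an assumed stand-in for the site's template engine, and the sample article is constructed. It covers markup, template containers and `$` only, not SQL handling.

```php
<?php
// Hypothetical stand-in for a {VAR}-style template pass (assumption, not phpSlash's engine).
function render_template(string $tpl, array $vars): string
{
    return preg_replace_callback(
        '/\{([A-Z_][A-Z0-9_]*)\}/',
        function (array $m) use ($vars): string {
            // Containers with no matching variable are left untouched here.
            return array_key_exists($m[1], $vars) ? $vars[$m[1]] : $m[0];
        },
        $tpl
    );
}

// Pass 1 puts the article into the story block, pass 2 renders the page,
// so any container inside the article text is seen by the second pass.
function render_page(string $body, array $vars): string
{
    $story = render_template('<div class="story">{BODY}</div>', ['BODY' => $body]);
    return render_template($story, $vars);
}

// Escape article text so the browser, the template pass and any later
// string evaluation all treat it as literal text.
function escape_article(string $text, bool $allowParsing = false): string
{
    if ($allowParsing) {
        return $text; // site owner explicitly opted in to parsing article content
    }
    // HTML-escape first; the entities added next contain none of these characters.
    $text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return strtr($text, ['{' => '&#123;', '}' => '&#125;', '$' => '&#36;']);
}

// Constructed sample: an article that quotes template and PHP code.
$article = 'Put {SITE_NAME} in the header, then echo $title; <script>x()</script>';
$vars    = ['SITE_NAME' => 'Example Site'];

// Unescaped: {SITE_NAME} is expanded and the script tag reaches the browser.
echo render_page($article, $vars), "\n";

// Escaped: the reader sees the code exactly as the author typed it.
echo render_page(escape_article($article), $vars), "\n";
```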