Fix user input from direct get post usage
Bug #1732987 reported by Robert Lyon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Fix Released | High | Unassigned |
16.10 | Fix Released | High | Unassigned |
17.04 | Fix Released | High | Unassigned |
17.10 | Fix Released | High | Unassigned |
18.04 | Fix Released | High | Unassigned |
Bug Description
Makes sure the data is using valid utf8, invalid characters are discarded
- avoid null chars and invalid unicode
Also change direct $_GET and $_POST calls
eg change
isset(
$_POST['myparam'] = 'cats' to param_alpha(
etc
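The pattern the description asks for, as an added example that is not Mahara's code and not part of the original report: a typed accessor that discards NUL bytes and invalid UTF-8 before validating, used in place of reading `$_POST`/`$_GET` directly. The function names `example_clean_utf8` and `example_param_alpha` are hypothetical, and the mbstring extension is assumed to be loaded.

```php
<?php
// Added illustration; function names are hypothetical, not Mahara's API.

/** Drop NUL bytes and any byte sequences that are not valid UTF-8. */
function example_clean_utf8(string $value): string {
    $previous = mb_substitute_character();
    mb_substitute_character('none');   // discard invalid bytes instead of emitting '?'
    $clean = mb_convert_encoding($value, 'UTF-8', 'UTF-8');
    mb_substitute_character($previous);
    return str_replace("\0", '', $clean);
}

/** Fetch a letters-only request parameter, checking POST before GET. */
function example_param_alpha(string $name, ?string $default = null): ?string {
    foreach ([$_POST, $_GET] as $source) {
        if (!array_key_exists($name, $source)) {
            continue;
        }
        $raw = $source[$name];
        if (!is_string($raw)) {        // myparam[]=x arrives as an array
            throw new InvalidArgumentException("Parameter '$name' must be a string");
        }
        $value = example_clean_utf8($raw);
        if (!preg_match('/^[a-zA-Z]+$/', $value)) {
            throw new InvalidArgumentException("Parameter '$name' must be alphabetic");
        }
        return $value;
    }
    return $default;
}

// Constructed sample request: a NUL byte and a truncated UTF-8 sequence.
$_POST = ['myparam' => "ca\0ts\xC3"];
$_GET  = [];

var_dump(example_param_alpha('myparam'));          // cleaned, then validated
var_dump(example_param_alpha('missing', 'dogs'));  // falls back to the default
```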
Information type: Private Security → Public Security
This has been begun with patch https://reviews.mahara.org/#/c/8191/