- Fixes #0000209: Escape and Limit all Environment variables passed in GET.
- We already escape anything, that goes from request to database queries to prevent sql injections.
- Add check for "../" (prevents going outside In-Portal directory) and for whitespace like symbols (makes sure, that ".tpl" is always added at the end of template name) in template names.
Description
Description
Details
Details
- Committed
alex Aug 8 2009, 3:37 AM - Parents
- rINP12228: 1. Fixes #0000206: Change "Output Time" format in English Language pack
- Branches
- Unknown
- Tags
- Build Status
Buildable 3130 Build 3380: After New Commit (Harbormaster Build Plan)