Run variables taken from $_POST through check_plain(). Use !empty() instead of isset() when checking if these variables are present.
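
An added illustration of the two recommendations above, run on constructed input (this is not the module's code or the contents of the commit). `example_post_value()` and `$sample_post` are hypothetical names, and `check_plain()` is defined here as a stand-in equivalent to Drupal 7's function so the snippet runs outside Drupal.

```php
<?php
// Stand-in for Drupal 7's check_plain(), which wraps htmlspecialchars().
// Inside Drupal the real function already exists and this is skipped.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

/**
 * Hypothetical helper: return a POST field escaped for HTML output,
 * or NULL when the field is missing, empty, or not a plain string.
 */
function example_post_value(array $post, $key) {
  // empty() is TRUE for a missing key, '', '0' and array(); isset() alone
  // would accept '' as "present". Caveat: a literal '0' is also rejected,
  // so do not use this check for fields where '0' is a valid value.
  if (empty($post[$key])) {
    return NULL;
  }
  // A request body such as list[]=a makes PHP deliver an array, and
  // check_plain() expects a string, so reject anything else.
  if (!is_string($post[$key])) {
    return NULL;
  }
  // Escape at the point where the value is prepared for HTML output.
  return check_plain($post[$key]);
}

// Constructed sample input standing in for $_POST.
$sample_post = array(
  'title' => '<script>alert(1)</script>',
  'blank' => '',
  'zero' => '0',
  'list' => array('a', 'b'),
);

// Compare what isset() reports with what the helper returns for each key.
foreach (array('title', 'blank', 'zero', 'list', 'missing') as $key) {
  printf("%-8s isset=%-5s value=%s\n",
    $key,
    var_export(isset($sample_post[$key]), TRUE),
    var_export(example_post_value($sample_post, $key), TRUE)
  );
}
```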

Comments

Liam Morland

Status: Active » Patch (to be ported)

Fixed in 78c456a.

Liam Morland

Version: 7.x-1.x-dev » 6.x-1.x-dev

Liam Morland

Assigned: Liam Morland » Unassigned

  • Liam Morland committed 78c456a on 7.x-1.x, 7.x-2.x
    Issue #1732780: Improve handling of $_POST. Use check_plain() on these...