Run variables taken from $_POST through check_plain(). Use !empty() instead of isset() when checking if these variables are present.
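The difference between the two checks, and the escaping step, shown as an added example (not code from the module or the commit). The helper `post_value()`, the field names and the sample array are hypothetical, and the `check_plain()` stand-in mirrors Drupal 7's definition so the snippet runs outside Drupal.

```php
<?php
// Added example; post_value() and the field names are hypothetical.

// Stand-in for Drupal 7's check_plain() so this runs outside Drupal.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

/**
 * Returns an HTML-escaped POST value, or NULL when it is absent or unusable.
 */
function post_value(array $post, $key) {
  // empty() is TRUE for a missing key, NULL and '', whereas isset() accepts ''.
  // It is also TRUE for the string '0', so use it only where '0' is not a
  // meaningful value for the field.
  if (empty($post[$key])) {
    return NULL;
  }
  // A field submitted as name[]=... arrives as an array; check_plain()
  // expects a string, so reject anything else.
  if (!is_string($post[$key])) {
    return NULL;
  }
  return check_plain($post[$key]);
}

// Constructed sample input standing in for $_POST.
$sample = array(
  'title' => '<em>Tom & "Jerry"</em>',
  'blank' => '',
  'count' => '0',
  'list'  => array('a', 'b'),
);

foreach (array('title', 'blank', 'count', 'list', 'missing') as $key) {
  printf("%-8s isset=%-6s !empty=%-6s value=%s\n",
    $key,
    var_export(isset($sample[$key]), TRUE),
    var_export(!empty($sample[$key]), TRUE),
    var_export(post_value($sample, $key), TRUE));
}
```

`check_plain()` encodes for HTML output only; values bound for SQL, URLs or shell commands need the encoding for that context.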

Comments

Liam Morland

Status: Active » Patch (to be ported)

Fixed in 78c456a.

Liam Morland

Version: 7.x-1.x-dev » 6.x-1.x-dev

Liam Morland

Assigned: Liam Morland » Unassigned

  • Liam Morland committed 78c456a on 7.x-1.x, 7.x-2.x
    Issue #1732780: Improve handling of $_POST. Use check_plain() on these...

  • Liam Morland committed 78c456a on 8.x-2.x
    Issue #1732780: Improve handling of $_POST. Use check_plain() on these...

  • Liam Morland committed 78c456a on 6.x-2.x
    Issue #1732780: Improve handling of $_POST. Use check_plain() on these...

  • hass committed 0a0c069 on 6.x-1.x authored by Liam Morland
    Issue #1732780 by Liam Morland: Improve handling of $_POST
    
hass

Issue summary: View changes
Status: Patch (to be ported) » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.