Security Hole Found
Posted: 22 January 2008 10:31 AM
Newbie
Total Posts:  4
Joined  2007-12-10

On mod.tag.php

find

$tags = explode( "|", $this->tag );

replace with

$this->tag = $DB->escape_str( $this->tag );
$tags = explode( "|", $this->tag );

This closes up a possible security hole and errors in case people submit a tag with an apostrophe in it.

This is below

/** ----------------------------------------
/** Count tag
/** ----------------------------------------*/

function _count_tag ( $page = 1 )

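Added example, not part of the original post and not the module's own code: why a tag containing an apostrophe breaks a query built by string concatenation, and how escaping or bound parameters handle it. The post does not show how the module uses $tags in its SQL, so the IN (...) query, the demo_tags table and the sample tags are assumptions, and PDO with in-memory SQLite stands in for ExpressionEngine's $DB object.

```php
<?php
// Constructed demo data: one plain tag and one tag containing apostrophes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE demo_tags (tag_name TEXT)");
$pdo->exec("INSERT INTO demo_tags VALUES ('php'), ('rock''n''roll')");

// Before: each tag is pasted into the SQL text as submitted.
function count_unescaped(PDO $pdo, string $tag_param): string
{
    $tags = explode('|', $tag_param);
    $sql  = "SELECT COUNT(*) FROM demo_tags WHERE tag_name IN ('"
          . implode("','", $tags) . "')";
    try {
        return (string) $pdo->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        // The apostrophe ends the string literal early and the parser fails.
        return 'SQL error';
    }
}

// After: every tag is escaped and quoted before it reaches the SQL text.
function count_quoted(PDO $pdo, string $tag_param): string
{
    $tags = array_map([$pdo, 'quote'], explode('|', $tag_param));
    $sql  = 'SELECT COUNT(*) FROM demo_tags WHERE tag_name IN ('
          . implode(',', $tags) . ')';
    return (string) $pdo->query($sql)->fetchColumn();
}

// Alternative: bound parameters keep the tags out of the SQL text entirely.
function count_bound(PDO $pdo, string $tag_param): string
{
    $tags  = explode('|', $tag_param);
    $marks = implode(',', array_fill(0, count($tags), '?'));
    $stmt  = $pdo->prepare(
        "SELECT COUNT(*) FROM demo_tags WHERE tag_name IN ($marks)"
    );
    $stmt->execute($tags);
    return (string) $stmt->fetchColumn();
}

$input = "php|rock'n'roll"; // constructed tag parameter
echo 'unescaped: ', count_unescaped($pdo, $input), PHP_EOL;
echo 'quoted:    ', count_quoted($pdo, $input), PHP_EOL;
echo 'bound:     ', count_bound($pdo, $input), PHP_EOL;
```
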
Posted: 22 January 2008 12:32 PM   [ # 1 ]
Administrator
Total Posts:  701
Joined  2004-03-30

Thanks Jarin. We’ll get this into the update queue.

mk

Mitchell Kimbrough