As a third bug, the same file directly spits out the request parameter figureID, which allows someone to insert a `<script>` tag, leading to an XSS attack.
A fourth bug exists in editDiagram.php, which doesn't check that the request param diagramId is an integer. A string can be passed in, and it's passed along from function to function right into Delegate::getMultiple. Finally addslashes stops the SQL injection fun. By the way, SQLite3 specifically advises against using addslashes (which doesn't work as expected with some multibyte character sets) and to use SQLite3::escapeString instead.
My advice is to be anal about sanitizing user input. I would also use ctype_digit instead of is_numeric as is_numeric will allow passing things like -0123.45e6 where ctype_digit will accept digits only.
Please get back to me so I know these critical security issues have been addressed.
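An added example, not code from the project or from the issue author, showing the three checks the report asks for side by side: a ctype_digit-based id check next to is_numeric, a bound SQLite3 parameter instead of concatenating the request value into the query, and escaped output for the reflected figureID. The `diagram` table, its sample rows and the function names (`parseId`, `fetchUnsafe`, `fetchSafe`, `renderFigureId`) are constructed for this example and are not editDiagram.php's real schema or functions.

```php
<?php
declare(strict_types=1);

// Added example (not the project's own code): hardened handling of the two
// request parameters discussed in the issue. Table, column and function names
// are hypothetical stand-ins for the real editDiagram.php logic.

/**
 * Accept only a plain run of ASCII digits and return it as an int.
 * ctype_digit() is deliberately given a string: handed an int it would
 * interpret the value as a character code instead of checking digits.
 */
function parseId(string $raw): ?int
{
    // '', '-0123.45e6' and '0 OR 1=1' all fail here; is_numeric() would
    // accept the second one.
    if ($raw === '' || !ctype_digit($raw) || strlen($raw) > 18) {
        return null;
    }
    return (int) $raw;
}

/** In-memory SQLite database with constructed sample rows. */
function openDemoDb(): SQLite3
{
    $db = new SQLite3(':memory:');
    $db->exec('CREATE TABLE diagram (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO diagram (id, name) VALUES (1, 'public'), (2, 'secret')");
    return $db;
}

function allRows(SQLite3Result $res): array
{
    $rows = [];
    while (($row = $res->fetchArray(SQLITE3_ASSOC)) !== false) {
        $rows[] = $row;
    }
    return $rows;
}

/**
 * The vulnerable shape: the raw parameter is concatenated into the SQL.
 * addslashes() only escapes quotes, backslashes and NUL, so a value that
 * lands in an unquoted numeric position is not protected by it at all.
 */
function fetchUnsafe(SQLite3 $db, string $rawId): array
{
    $sql = 'SELECT id, name FROM diagram WHERE id = ' . addslashes($rawId);
    $res = @$db->query($sql);           // SQLite3 returns false on a syntax error
    return $res === false ? [] : allRows($res);
}

/** The hardened shape: validate the type first, then bind a typed parameter. */
function fetchSafe(SQLite3 $db, string $rawId): array
{
    $id = parseId($rawId);
    if ($id === null) {
        return []; // a real handler would answer 400 Bad Request here
    }
    $stmt = $db->prepare('SELECT id, name FROM diagram WHERE id = :id');
    $stmt->bindValue(':id', $id, SQLITE3_INTEGER);
    return allRows($stmt->execute());
}

/**
 * Reflected output: never echo a request parameter raw. Escape for the
 * context it lands in (HTML body and attribute here) and pin the charset.
 */
function renderFigureId(string $figureId): string
{
    $safe = htmlspecialchars($figureId, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div data-figure="' . $safe . '">Figure ' . $safe . '</div>';
}

// Demonstration with constructed inputs: a legitimate id, the is_numeric()
// false positive from the issue, and an injection attempt.
$db = openDemoDb();
foreach (['2', '-0123.45e6', '0 OR 1=1'] as $raw) {
    printf("%-13s is_numeric=%-5s ctype_digit=%-5s unsafe=%d rows  safe=%d rows\n",
        var_export($raw, true),
        is_numeric($raw) ? 'true' : 'false',
        ctype_digit($raw) ? 'true' : 'false',
        count(fetchUnsafe($db, $raw)),
        count(fetchSafe($db, $raw)));
}
echo renderFigureId('<script>alert(1)</script>'), PHP_EOL;
```

Run it with `php example.php` (needs the bundled sqlite3 and ctype extensions). The `0 OR 1=1` row is the point: the concatenated query returns every diagram even though addslashes() ran, while the bound version returns nothing because the value never reaches SQL. Binding also sidesteps the addslashes vs SQLite3::escapeString question entirely; both of those only make sense for values placed inside a quoted string literal.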