• I see you are using $_REQUEST, which is generally a bad idea, since COOKIEs or GET could be set more easily than a POST, which could cause XSS issues, right?

    And then when you just explode() the value and pass into the database without a prepare statement, I think you are asking for trouble, aren’t you?

Viewing 1 replies (of 1 total)
  • Plugin Author Boone Gorges

    (@boonebgorges)

    Thanks for bringing this to my attention, though perhaps a ticket on the support forum is not the most judicious place for a potential security issue ??

    Some of the _REQUEST issues are difficult to extract because the plugin uses both GET and POST requests in certain places.

    That being said, I’ve made a few changes in the most recent release:

    • Clarified GET vs POST where possible
    • Improved escaping. I couldn’t see any specific vectors for XSS, but I added some hardening
    • Improved sanitization when parsing keys
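The two patterns discussed in this thread (the report's `$_REQUEST` plus `explode()` straight into a query, and the author's follow-up of clarifying GET vs POST, escaping output and sanitizing parsed keys) side by side, as an added example. This is not code from the plugin or from either participant; the `items` table, the `keys` parameter and the PDO/SQLite storage are assumptions standing in for the WordPress database and `$wpdb`.

```php
<?php
// Added example, not the plugin's code. Assumes PHP >= 7.4 with the PDO SQLite
// driver; the table, column and parameter names are made up for the demo.

// Constructed in-memory storage that stands in for the WordPress database.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE items (item_key TEXT PRIMARY KEY, value TEXT)');
    $ins = $db->prepare('INSERT INTO items VALUES (?, ?)');
    foreach (['alpha' => 'A', 'beta' => 'B', 'secret' => 'S'] as $k => $v) {
        $ins->execute([$k, $v]);
    }
    return $db;
}

// BEFORE: the pattern the report describes. In a real handler $request would
// be $_REQUEST, which merges GET, POST and COOKIE (so a link or a planted
// cookie can supply the value), and the exploded keys go straight into SQL.
function lookup_unsafe(PDO $db, array $request): array {
    $keys = explode(',', $request['keys'] ?? '');
    $list = "'" . implode("','", $keys) . "'";
    $sql  = "SELECT item_key, value FROM items WHERE item_key IN ($list)";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// AFTER: take the one superglobal the handler expects ($_POST, after a
// wp_verify_nonce() check in a real plugin), whitelist each parsed key, and
// bind every value as a placeholder. With $wpdb the equivalent is
// $wpdb->prepare() with one %s per key.
function lookup_safe(PDO $db, array $post): array {
    $keys = [];
    foreach (explode(',', (string)($post['keys'] ?? '')) as $k) {
        $k = trim($k);
        if ($k !== '' && preg_match('/\A[a-z0-9_-]{1,64}\z/', $k)) {
            $keys[] = $k;           // anything outside the whitelist is dropped
        }
    }
    if ($keys === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($keys), '?'));
    $stmt = $db->prepare(
        "SELECT item_key, value FROM items WHERE item_key IN ($placeholders)"
    );
    $stmt->execute($keys);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output hardening: escape at the point of rendering (esc_html() in WordPress).
function render_row(array $row): string {
    $esc = fn(string $s) => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<li>' . $esc($row['item_key']) . ': ' . $esc($row['value']) . '</li>';
}

$db = make_db();

// Constructed requests: a normal one and one carrying an injected tautology.
// The payload deliberately contains no comma so explode() keeps it whole.
$normal   = ['keys' => 'alpha,beta'];
$injected = ['keys' => "alpha') OR ('1'='1"];

echo "unsafe, normal:   " . count(lookup_unsafe($db, $normal))   . " rows\n"; // 2
echo "unsafe, injected: " . count(lookup_unsafe($db, $injected)) . " rows\n"; // 3: whole table
echo "safe, normal:     " . count(lookup_safe($db, $normal))     . " rows\n"; // 2
echo "safe, injected:   " . count(lookup_safe($db, $injected))   . " rows\n"; // 0: key rejected

foreach (lookup_safe($db, $normal) as $row) {
    echo render_row($row) . "\n";
}
```

The injected value is built so that the unsafe string concatenation yields `... WHERE item_key IN ('alpha') OR ('1'='1')`, which returns every row; the hardened version rejects that key at the whitelist step before any SQL is built, and would bind it harmlessly as a literal even if the regex were looser.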
  • The topic ‘Bug: using REQUEST unfiltered into database call?’ is closed to new replies.