will Posted September 19, 2014

Does Blesta sanitize/escape values it reads from the database? It seems to sanitize user-input written to the database, but I'm wondering how careful I need to be if I'm writing directly to the database. (e.g. bypassing Blesta)

will (Author) Posted September 20, 2014

I'll take that as a no, then.

Michael Posted September 19, 2014

I believe so. As for CORE-977, you can use this:
http://www.blesta.com/forums/index.php?/topic/1852-ldap-authentication-plugin/
CORE-1127 is completed in 3.3.0 beta.

Tyson Posted September 19, 2014

You should always sanitize your input.

Paul Posted September 20, 2014

On 9/20/2014 at 1:16 AM, will said: "I'll take that as a no, then."

Blesta sanitizes output where necessary; you just shouldn't assume that it is if you're writing something custom. Make sure.

4 answers to this question