PEAK XOOPS - How about starting security/development forum 
How about starting security/development forum
- You cannot open a new topic into this forum
- Guests cannot post into this forum
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2006/11/16 18:58
stefan88
Posts: 15
Posts: 15
Hi GIJOE,
first, thank you for all the work you are doing for xoops!
How about starting a forum(s) for security - module development, php, xoops, web server ... And maybe in module development in general?
I already have some questions for the security forum
first, thank you for all the work you are doing for xoops!
How about starting a forum(s) for security - module development, php, xoops, web server ... And maybe in module development in general?
I already have some questions for the security forum
Votes:7
Average:10.00
GIJOE
Posts: 4110
Posts: 4110
I'm not a specialist for the security
Anyway, you can post such questions to Etc. forums.
I'll answer if the question is answerble for me
Anyway, you can post such questions to Etc. forums.
I'll answer if the question is answerble for me
Votes:9
Average:8.89
stefan88
Posts: 15
Posts: 15
Well, I have an edit field, where user enters url.
I do " $myts->addSlashes..." before saving into database and "$myts->htmlSpecialChars..." before display.
Is that ok and what else should I do?
Votes:8
Average:8.75
GIJOE
Posts: 4110
Posts: 4110
Quote:
- "user enters url"
You should know some URL's from javascript : or about :
- $myts->addSlashes
You should know $myts->addSlashes behave curiously.
Under the environment magic_quotes_gpc=on, it never escapes slashes.
POST,GET -> ($myts->stripSlashes) -> raw data
raw data -> (addslashes or mysql_*_escape instead of $myts->addSlashes) -> string for MySQL
This is the right way.
stefan88 wrotes:
Well, I have an edit field, where user enters url.
I do " $myts->addSlashes..." before saving into database and "$myts->htmlSpecialChars..." before display.
Is that ok and what else should I do?
- "user enters url"
You should know some URL's from javascript : or about :
- $myts->addSlashes
You should know $myts->addSlashes behave curiously.
Under the environment magic_quotes_gpc=on, it never escapes slashes.
POST,GET -> ($myts->stripSlashes) -> raw data
raw data -> (addslashes or mysql_*_escape instead of $myts->addSlashes) -> string for MySQL
This is the right way.
Votes:9
Average:8.89
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2006/11/21 16:05
stefan88
Posts: 15
Posts: 15
Hi,
Thank you very much
Quote:
Did not know that ...
Thank you
Thank you very much
Quote:
GIJOE wrotes:
You should know $myts->addSlashes behave curiously
Did not know that ...
Thank you
Votes:12
Average:10.00
Login