Closed
Bug 431399
Opened 16 years ago
Closed 16 years ago
Audit AmoComponent::clean ($this->Amo->clean) calls?
Categories
(addons.mozilla.org Graveyard :: Public Pages, defect)
Tracking
(Not tracked)
VERIFIED DUPLICATE of bug 373767
People
(Reporter: stephend, Unassigned)
Details
Should we audit AmoComponent::clean ($this->Amo->clean) calls? See https://bugzilla.mozilla.org/show_bug.cgi?id=400583#c8 (because I lay no claim to understanding most of it).
Comment 1•16 years ago
Short summary: Any code that calls Amo->clean() escapes user input to make it safe for SQL, but when an error occurs, this data is written back to the view so that the user can correct it. In the process of that, it is HTML-entity-encoded for the view. Writing code back to the view that was just prepared for SQL already is probably what causes escaped entities in user-entered text.
Updated•16 years ago
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
Updated•8 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard
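
The double handling described in Comment 1, as an added example that is not part of the bug report or of AMO's code: a value escaped for SQL at input time is written back to the form after a failed validation, so every resubmission escapes it again, while the corrected flow keeps the raw value and encodes it once per sink. `clean_for_sql()` is a hypothetical stand-in for the input-time cleaning step (it only adds backslashes, so the artifact shown here is backslashes), and the `addons` table, the `summary` field and the in-memory SQLite database are assumptions.

```php
<?php
// Hypothetical stand-in for an input-time "make it safe for SQL" step.
// NOT the real AmoComponent::clean(); it only backslash-escapes quotes.
function clean_for_sql(string $v): string {
    return addslashes($v);
}

// Output-time encoding for the HTML view.
function encode_for_view(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// Buggy flow: validation failed, and the SQL-cleaned copy is redisplayed.
function redisplay_buggy(string $submitted): string {
    $cleaned = clean_for_sql($submitted);
    return '<input name="summary" value="' . encode_for_view($cleaned) . '">';
}

// Corrected flow: the view gets the raw value, encoded only for HTML.
function redisplay_fixed(string $submitted): string {
    return '<input name="summary" value="' . encode_for_view($submitted) . '">';
}

// Corrected storage: the raw value reaches the database as a bound parameter.
function store(PDO $db, string $submitted): void {
    $db->prepare('INSERT INTO addons (summary) VALUES (?)')->execute([$submitted]);
}

// What the browser sends on resubmit: the attribute value, entities decoded.
function browser_value(string $html): string {
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

$raw = "Bob's <b>tabs</b>";                 // constructed sample input
$buggy = $fixed = $raw;
for ($round = 1; $round <= 3; $round++) {   // three failed validations in a row
    $buggy = browser_value(redisplay_buggy($buggy));
    $fixed = browser_value(redisplay_fixed($fixed));
    echo "round $round buggy: $buggy | fixed: $fixed\n";
}

$db = new PDO('sqlite::memory:');           // assumes the pdo_sqlite extension
$db->exec('CREATE TABLE addons (summary TEXT)');
store($db, $fixed);
var_dump($db->query('SELECT summary FROM addons')->fetchColumn() === $raw);
```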