Closed Bug 431399 Opened 16 years ago Closed 16 years ago

Audit AmoComponent::clean ($this->Amo->clean) calls?

Tracking

(Not tracked)

Status:

VERIFIED DUPLICATE of bug 373767

People

(Reporter: stephend, Unassigned)

Details

Stephen Donner [:stephend] Not actively reading bugmail

Reporter

Description

•

16 years ago

Should we audit AmoComponent::clean ($this->Amo->clean) calls?

See https://bugzilla.mozilla.org/show_bug.cgi?id=400583#c8 (because I lay no claim to understanding most of it).

Fred Wenzel [:wenzel]

Comment 1

•

16 years ago

Short summary: Any code that calls Amo->clean() escapes user input to make it safe for SQL, but when an error occurs, this data is written back to the view so that the user can correct it. In the process of that, it is HTML-entity-encoded for the view.

Writing code back to the view that was just prepared for SQL already is probably what causes escaped entities in user-entered text.

Fred Wenzel [:wenzel]

Updated

•

16 years ago

Status: NEW → RESOLVED

Closed: 16 years ago

Resolution: --- → DUPLICATE

Stephen Donner [:stephend] Not actively reading bugmail

Reporter

Comment 3

•

16 years ago

Verified dup

Status: RESOLVED → VERIFIED

Nobody; OK to take it and work on it

Assignee

Updated

•

8 years ago

Product: addons.mozilla.org → addons.mozilla.org Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Audit AmoComponent::clean ($this->Amo->clean) calls?

Categories

(addons.mozilla.org Graveyard :: Public Pages, defect)

Tracking

(Not tracked)

People

(Reporter: stephend, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Comment 3

Updated