will Posted September 19, 2014 Report Posted September 19, 2014 Does Blesta sanitize/escape values it reads from the database? It seems to sanitize user-input written to the database, but I'm wondering how careful I need to be if I'm writing directly to the database. (e.g. bypassing blesta) Quote
0 will Posted September 20, 2014 Author Report Posted September 20, 2014 I'll take that as a no, then. Quote
0 Michael Posted September 19, 2014 Report Posted September 19, 2014 I believe so, as for CORE-977 you can use this: http://www.blesta.com/forums/index.php?/topic/1852-ldap-authentication-plugin/ CORE-1127 is completed in 3.3.0 beta. Quote
0 Tyson Posted September 19, 2014 Report Posted September 19, 2014 You should always sanitize your input. Michael 1 Quote
0 Paul Posted September 20, 2014 Report Posted September 20, 2014 I'll take that as a no, then. Blesta sanitizes output where necessary, you just shouldn't assume that it is if you're writing something custom. Make sure. Michael 1 Quote
Question
will
Does Blesta sanitize/escape values it reads from the database? It seems to sanitize user-input written to the database, but I'm wondering how careful I need to be if I'm writing directly to the database. (e.g. bypassing blesta)
4 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.