Is CodeIgniter vulnerable to XSS attacks through input->user_agent()?
ChiefChirpa
According to http://seclists.org/fulldisclosure/2009/Jul/422 :

Quote:
$CI->input->user_agent() fails to check the validity of user-agent type.

Is this correct? Because the session class, tank_auth, etc. all call $CI->input->user_agent() without running it through input->xss_clean()...

The method in question (from 1.72):

Code:
function user_agent()

It seems correct to me...
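Added example, not part of the original post and not CodeIgniter's own code: the User-Agent header is chosen by the client, so an accessor that returns it unchanged is only as safe as the place where the value is later rendered. The function names, the 120-character limit and the sample header below are assumptions constructed for illustration.

```php
<?php
// Hypothetical stand-in for a framework accessor that returns the
// User-Agent request header exactly as the client sent it.
function read_user_agent(array $server)
{
    return isset($server['HTTP_USER_AGENT']) ? $server['HTTP_USER_AGENT'] : false;
}

// For storage and comparison (e.g. session matching): bound the length and
// drop control characters. This is normalisation, not an XSS defence.
function normalize_user_agent($ua, $max = 120)
{
    if ($ua === false) {
        return '';
    }
    $ua = preg_replace('/[\x00-\x1F\x7F]/', '', $ua);
    return substr($ua, 0, $max);
}

// For display: encode for the HTML context at the point of output, so the
// value is shown as text whatever the client put in the header.
function render_user_agent_cell($ua)
{
    return '<td>' . htmlspecialchars($ua, ENT_QUOTES, 'UTF-8') . '</td>';
}

// Constructed request data: a header carrying markup, as a client could send.
$server = array(
    'HTTP_USER_AGENT' => "Mozilla/5.0 (X11)\r\n<script>alert(1)</script>",
);

$stored = normalize_user_agent(read_user_agent($server));

// Comparing the stored value with the current request involves no HTML
// context, so the raw string is harmless here.
$same_client = ($stored === normalize_user_agent(read_user_agent($server)));

// Rendering is where it matters: the first line emits live markup,
// the second emits inert text.
echo "unescaped: <td>" . $stored . "</td>\n";
echo "escaped:   " . render_user_agent_cell($stored) . "\n";
echo "session match: " . ($same_client ? 'yes' : 'no') . "\n";
```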