Security and paginate
#8

(This post was last modified: 11-05-2021, 02:34 PM by includebeer.)

(11-05-2021, 06:10 AM)kenjis Wrote:
(11-02-2021, 04:38 PM)includebeer Wrote: So I think the best practice would be to type cast the page number to "int" and if the number is <= 0 set the page number to 1. In this particular case, I would blame the framework for not sanitizing the page number since it's a built-in feature of the Pagination library.

CI4 does what you say.
See https://github.com/codeigniter4/CodeIgni...#L415-L417
Ha ok! I thought it was odd that CI4 didn't do that already. Thanks for the confirmation that it already does it! It seems the 500 error has nothing to do with this false positive problem...

(11-04-2021, 09:28 AM)captain-sensible Wrote: Probably it's a good idea to avoid GET requests as much as possible since it involves a URL, and somebody can play with that.
...
I agree but it seems to be the way that CI4 paginate system works. I once did write a way of doing pagination with POST requests but forgot how I did it

FYI, POST is no more secure than GET. It's just a different way of sending data.
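
The page-number handling discussed in this thread, as an added example that is not part of the original post and is not CodeIgniter's own code. `normalizePage()` and the sample values are hypothetical; it uses `filter_var()` as a stricter variant of the cast-and-clamp approach, and the same check is applied whether the value arrived by GET or POST.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a CodeIgniter API): turn an untrusted "page"
 * request value into a page number between 1 and $lastPage.
 */
function normalizePage(mixed $raw, int $lastPage): int
{
    $lastPage = max(1, $lastPage);

    // ?page[]=1 arrives as an array; only strings and ints are considered.
    if (!is_string($raw) && !is_int($raw)) {
        return 1;
    }

    // FILTER_VALIDATE_INT rejects "5abc", "1e3", "" and values that overflow
    // an int, where a plain (int) cast would quietly produce some number.
    $page = filter_var($raw, FILTER_VALIDATE_INT);
    if ($page === false || $page < 1) {
        return 1; // zero, negative or malformed: fall back to the first page
    }

    // Never go past the last page that actually exists.
    return min($page, $lastPage);
}

// Constructed sample inputs. A client can send any of them in a query
// string (GET) or in a request body (POST), so both are treated the same.
$samples = ['3', '0', '-7', '5abc', '1e3', '99999999999999999999', ['1'], '42'];
$lastPage = 10; // assumed total number of pages for this listing

foreach (['GET', 'POST'] as $method) {
    foreach ($samples as $raw) {
        printf(
            "%-4s page=%-24s => %d\n",
            $method,
            json_encode($raw),
            normalizePage($raw, $lastPage)
        );
    }
}
```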