Help me become a better developer!

[eluser]Rick Jolly[/eluser]
Another issue - XSS. See the comments below:
Code:
function comments() {
    $this->view->set('Title', $this->awTitle.' (Comments)');
    $this->view->set('Header', $this->awHeader);

    if( !$this->uri->segment(2) || !ctype_digit($this->uri->segment(2)) ) {
        // No usable id in segment 2: fall back to the latest news item.
        $this->view->set('Query_News',  $this->blog->get_latest_news(1));
        $this->view->set('Query_Comments', $this->blog->get_comments());
    } else {
        // Segment 2 is all digits, so it is safe to use as an id here.
        $this->view->set('Query_News', $this->blog->get_news_by_id( $this->uri->segment(2) ));
        $this->view->set('Query_Comments', $this->blog->get_comments( $this->uri->segment(2) ));
    }

    // This could be a problem since you are assigning potentially unclean data to the view.
    // You should move this into your "else" above.
    $this->view->set('CommentID', $this->uri->segment(2));

    $this->view->load('blog/comments');
}
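The point Rick makes above is that the `if` validates segment 2 only for the database lookups, while the view still receives the raw segment in `CommentID`, so a non-numeric segment that failed the check reaches the template untouched. The following is an added example, not code from the thread or from the original poster: it replaces the framework calls with a plain function so it runs from the CLI, and puts the flawed pattern beside a hardened one. The function names, the `?string $segment` parameter (standing in for `$this->uri->segment(2)`, which the example assumes may be absent) and the sample inputs are all constructed for illustration.

```php
<?php
// Added example (not from the original thread): the pattern flagged in the
// post, a URI segment passed to the view without validation, beside a
// hardened version. Run with: php this_file.php

function render_comment_link_vulnerable(?string $segment): string
{
    // Mirrors the original controller: whatever arrived in segment 2 is
    // handed to the view, even when the earlier numeric check failed.
    $commentId = $segment;
    return '<a href="/blog/comments/' . $commentId . '">Comments</a>';
}

function render_comment_link_hardened(?string $segment): string
{
    // 1. Validate once and derive everything from the validated value.
    //    ctype_digit() is false for null, '' and anything with non-digits,
    //    which matches the fallback branch in the original controller.
    $commentId = ($segment !== null && ctype_digit($segment)) ? (int) $segment : null;

    if ($commentId === null) {
        // Nothing user-controlled reaches the view in this branch.
        return '<a href="/blog/comments">Comments</a>';
    }

    // 2. Escape at the point of output regardless. An int cannot carry
    //    markup, but escaping here keeps the template safe if the type of
    //    the value is ever loosened later.
    $safeId = htmlspecialchars((string) $commentId, ENT_QUOTES, 'UTF-8');
    return '<a href="/blog/comments/' . $safeId . '">Comments</a>';
}

// Constructed inputs: a real id, a payload supplied in place of the id,
// and a missing segment.
$inputs = ['42', '"><script>alert(1)</script>', null];

foreach ($inputs as $in) {
    printf("input: %s\n", var_export($in, true));
    printf("  vulnerable: %s\n", render_comment_link_vulnerable($in));
    printf("  hardened:   %s\n", render_comment_link_hardened($in));
}
```

With the second input the vulnerable function closes the `href` attribute and emits a script tag, while the hardened function never lets that input past the `ctype_digit` check; moving the `CommentID` assignment into the `else` branch of the original controller achieves the same thing, and escaping in the template is the belt-and-braces step on top of it.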




