Security and paginate |
I think it was reported as an SQL injection because it succeeded in crashing the application. A crash can display sensible information if the application is not correctly configured. Inputs should always be validated for what you expect to receive. In this case you expect the page number to be a number greater than 0. Not a random string with invalid characters.
So I think the best practice would be to type cast the page number to "int" and if the number is <= 0 set the page number to 1. In this particular case, I would blame the framework for not sanitizing the page number since it's a built-in feature of the Pagination library.
CodeIgniter 4 tutorials (EN/FR) - https://includebeer.com
/*** NO support in private message - Use the forum! ***/ |
Messages In This Thread |
Security and paginate - by captain-sensible - 11-02-2021, 03:57 AM
RE: Security and paginate - by includebeer - 11-02-2021, 04:38 PM
RE: Security and paginate - by kenjis - 11-05-2021, 06:10 AM
RE: Security and paginate - by kenjis - 11-02-2021, 09:11 PM
RE: Security and paginate - by captain-sensible - 11-04-2021, 09:28 AM
RE: Security and paginate - by salain - 11-03-2021, 01:08 AM
RE: Security and paginate - by kenjis - 11-03-2021, 01:17 AM
RE: Security and paginate - by includebeer - 11-05-2021, 02:29 PM
|