New post from Full-disclosure mailing list about CI 1.5.3 vulnerabilities

#11
Derek Jones
[quote author="david_ais" date="1184356461"]Can you confirm - does v1.5.4 fully address these vulnerabilities?


Regards

David Bell[/quote]

1, 2, and 3, yes. For 4, as I told Mr. Pilorz when he first emailed me about this list, responsibility falls on the developer of an application, not the framework, to validate any user input used in a helper function in such a manner. It would be akin to doing the following without any validation or sanitization:

Code:
echo $_POST['foo'];

