APPDB - patch

Chris Morgan cmorgan at alum.wpi.edu
Wed Jun 14 20:06:12 CDT 2006


Looks better.

Why are we calling strip_tags() here and a few other locations but not 
consistently?  Should we be calling strip_tags() on nearly all of the input 
parameters?

+$aClean['appId'] = makeSafe(strip_tags($_POST['appId']));
+$aClean['versionId'] = makeSafe(strip_tags($_POST['versionId']));
+$aClean['confirmed'] = makeSafe(strip_tags($_POST['confirmed']));
+$aClean['superMaintainer'] = makeSafe(strip_tags($_POST['superMaintainer']);
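Review bot: the superMaintainer line is missing a closing parenthesis: `makeSafe(strip_tags($_POST['superMaintainer']);` opens two calls and closes only one, which is a parse error, so it should read `makeSafe(strip_tags($_POST['superMaintainer']));`. Also, each of these four lines indexes $_POST directly; a request that omits one of the fields will raise an undefined-index notice, so guard each read with isset() or a default before passing it to strip_tags()/makeSafe().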



There is some inconsistent indenting here:

+
+	$aClean = array(); //array of filtered user input
+
+	$aClean['appCatId'] = makeSafe($_REQUEST['appCatId']);
+	$aClean['appName'] = makeSafe($_REQUEST['appName']);
+        $aClean['appVendorName'] = makeSafe($_REQUEST['appVendorName']);
+	$aClean['appVendorId'] = makeSafe($_REQUEST['appVendorId']);
+        $aClean['appDescription'] = makeSafe($_REQUEST['appDescription']);
+
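Review bot: the appVendorName and appDescription lines are indented with spaces while the surrounding lines use a tab, so the block does not line up; since the appdb convention is spaces, reindent the whole block with spaces. Separately, this hunk reads from $_REQUEST whereas the earlier hunk reads from $_POST, and it does not apply strip_tags(); $_REQUEST merges GET, POST and cookie values, so pick one input source deliberately and apply the same filter chain to all of these fields rather than filtering some with strip_tags() and others without.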


I'll try to fix any of these I notice before applying the patch.  The standard 
with appdb code is to use spaces and not tabs btw.

Btw, have you tested that with this patch you are able to submit an 
application and a version and that all of the html formatted contents of the 
app description and the like comes through correctly?

Chris



On Wednesday 14 June 2006 8:25 pm, EA Durbin wrote:
> Security enhancements.
>
> Filter all potential user input for tainted data.
>
> I've removed my separate patches. Here is my updated security patch with
> the corrections as suggested.
