cool, hook it up!

On Mon, Dec 12, 2011 at 8:01 AM, Jakub Jankiewicz <735...@bugs.launchpad.net> wrote:
> You need to handle security by yourself. It just calls a function like
> an extension, but by sending JSON to a PHP script. So if the user doesn't
> escape variables before executing an SQL statement, someone may use SQL
> injection, but the same is true with extensions if you write an extension
>
>   class Foo {
>       function get_user_info($id) {
>           global $db;
>           return json_encode($db->get_results("SELECT username, email FROM
>   aiki_users WHERE userid = $id"));
>       }
>   }
>
> and create a widget with url user_info
>
>   (script( $aiki->Foo->get_user_info(GET[id]); )script)
>
> everybody can call a widget /user_info?id=10 union select username,
> password from aiki_users
>
> and get all users' passwords.
>
> If you can't write secure extensions, the same will be true with JSON-RPC.
>
> --
> You received this bug notification because you are subscribed to
> aikiframework.
> https://bugs.launchpad.net/bugs/735661
>
> Title:
>   JSON-RPC support is needed
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/aikiframework/+bug/735661/+subscriptions
--
Jon Phillips
王✳爻气
http://fabricatorz.com ✳ skype: kidproto ✳ irc: rejon
+1.415.830.3884 (global) ✳ +86-187-1003-9974 (beijing)

Title:
  JSON-RPC support is needed

Status in Aiki Framework:
  Triaged

Bug description:
  There should be an implementation of aiki functionality via JSON-RPC, or an
  implementation that allows users to create one using widgets. I found in
  this file /assets/javascript/plupload/upload.php an embedded json-rpc; this
  can be done automatically. If you need a json-rpc implementation, here is
  mine:
  https://github.com/jcubic/jquery.terminal/raw/master/examples/json-rpc.php
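The lookup from Jakub's quoted extension, written twice as an added example (not Aiki code and not from this thread): once with the id interpolated into the SQL exactly as in the extension, once validated and bound through a prepared statement. It assumes PHP with the PDO SQLite driver and a constructed `aiki_users` table standing in for the framework's own.

```php
<?php
// Added example: in-memory SQLite with a few constructed rows, not Aiki's schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE aiki_users (userid INTEGER, username TEXT, email TEXT, password TEXT)");
$db->exec("INSERT INTO aiki_users VALUES (10, 'alice', 'alice@example.org', 'hash-a'),
                                         (11, 'bob',   'bob@example.org',   'hash-b')");

// Vulnerable form: $id is spliced into the statement text, as in the quoted
// extension, so whatever the request carries becomes part of the SQL.
function get_user_info_unsafe(PDO $db, $id) {
    return $db->query("SELECT username, email FROM aiki_users WHERE userid = $id")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the id is validated as an integer and bound as a parameter,
// so the database only ever sees it as a value, never as SQL text.
function get_user_info_safe(PDO $db, $id) {
    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
        return ['error' => 'invalid id'];
    }
    $stmt = $db->prepare("SELECT username, email FROM aiki_users WHERE userid = :id");
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Simulated request values: a normal id and the payload quoted in the thread.
$normal  = '10';
$payload = '10 union select username, password from aiki_users';

// Unsafe version: the union is executed and every user's password column is returned.
echo json_encode(get_user_info_unsafe($db, $normal)), "\n";
echo json_encode(get_user_info_unsafe($db, $payload)), "\n";

// Safe version: the same payload fails integer validation before any SQL is built.
echo json_encode(get_user_info_safe($db, $normal)), "\n";
echo json_encode(get_user_info_safe($db, $payload)), "\n";
```

The same binding discipline applies whether the function is reached from a widget or from a JSON-RPC dispatcher, which is the point made in the quoted reply: the transport does not change what the database sees.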