On Wed, Oct 15, 2008 at 5:18 PM, Ziba Scott <[EMAIL PROTECTED]> wrote:
> When editing contacts, some invalid characters are not stripped or
> handled in some way. They make it all the way to the SQL statement
> before things trip up. (Using a prepared statement thankfully prevents
> injecting a second statement. More details in:
> http://trac.roundcube.net/ticket/1485504)
>
> I can work on a patch, but I'd appreciate some guidance first:
>
> Should the backend explicitly validate the input against a regular
> expression?
> What is valid/invalid?
> How should the interface report bad characters and/or failed contact
> saves to the user?
>
> Thanks,
> Ziba
>
> Webmaster Team
> University of Michigan
I replied, let me know if this helps. :)

Thanks for all input!

Till
_______________________________________________
List info: http://lists.roundcube.net/dev/
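The quoted message raises three design points: validating contact fields before they reach the database, relying on a prepared statement so that quote characters cannot terminate the statement, and reporting rejected characters back to the user. The following is an added illustration of one way those pieces fit together; it is not Roundcube's code, and the validation policy it applies (reject invalid UTF-8 and C0/C1 control characters other than TAB and LF) is an assumption standing in for whatever the project decides is "invalid". The column names, the sqlite3 backend and all sample inputs are constructed for the example.

```python
"""Contact-field validation in front of a parameterized INSERT (added example,
not Roundcube code). The "invalid character" policy below is an assumption."""
import re
import sqlite3

# Assumed policy: reject C0/C1 control characters except TAB (0x09) and
# LF (0x0A), which multi-line address fields legitimately contain.
_BAD_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]")

# Hypothetical contact columns for the example schema.
FIELDS = ("name", "email", "address")


def check_field(name, raw):
    """Return (value, None) if the field is acceptable, else (None, message).

    The message names the field, the offending character and its position so
    the interface can point the user at exactly what was rejected.
    """
    if isinstance(raw, bytes):
        try:
            raw = raw.decode("utf-8")
        except UnicodeDecodeError as exc:
            return None, f"{name}: invalid UTF-8 sequence at byte offset {exc.start}"
    m = _BAD_CONTROL.search(raw)
    if m:
        cp = ord(m.group())
        return None, f"{name}: disallowed control character U+{cp:04X} at position {m.start()}"
    return raw.strip(), None


def validate_contact(form):
    """Check every field and collect all errors, so one failed save reports
    every problem at once instead of one per round-trip."""
    clean, errors = {}, {}
    for name in FIELDS:
        value, err = check_field(name, form.get(name, ""))
        if err:
            errors[name] = err
        else:
            clean[name] = value
    return clean, errors


def open_db():
    """In-memory database with a constructed contacts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, email TEXT, address TEXT)"
    )
    return conn


def save_contact(conn, form):
    """Validate first; only clean values reach the parameterized statement.

    Returns (row_id, {}) on success or (None, errors) if validation failed.
    Placeholders keep quotes and semicolons inside the bound value, which is
    the second-statement protection the original message mentions.
    """
    clean, errors = validate_contact(form)
    if errors:
        return None, errors
    cur = conn.execute(
        "INSERT INTO contacts (name, email, address) VALUES (?, ?, ?)",
        (clean["name"], clean["email"], clean["address"]),
    )
    conn.commit()
    return cur.lastrowid, {}


def demo():
    """Run three constructed submissions and return what a caller would see."""
    conn = open_db()
    ok = {"name": "Ziba Scott", "email": "ziba@example.invalid", "address": "Ann Arbor\nMI"}
    quotes = {"name": "O'Brien'); --", "email": "x@example.invalid", "address": ""}
    bad = {"name": "Ali\x00ce", "email": b"bad\xff", "address": "ok"}
    r_ok = save_contact(conn, ok)          # accepted, LF in address is allowed
    r_quotes = save_contact(conn, quotes)  # accepted and stored literally
    r_bad = save_contact(conn, bad)        # rejected with two field errors
    count = conn.execute("SELECT COUNT(*) FROM contacts").fetchone()[0]
    stored = conn.execute(
        "SELECT name FROM contacts WHERE id = ?", (r_quotes[0],)
    ).fetchone()[0]
    return r_ok, r_quotes, r_bad, count, stored


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Returning a per-field error map rather than raising on the first problem answers the third question in the message: the interface can highlight each rejected field with the character and offset, and the save is refused as a whole rather than silently stripping input. The prepared statement is still required even with validation in place, since the policy above deliberately lets quotes and semicolons through.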
