#879: WebBasket: User input has to be better washed and sanitized
------------------------+----------------------
  Reporter:  nkasioum   |      Owner:  nkasioum
      Type:  defect     |     Status:  closed
  Priority:  minor      |  Milestone:  v1.0
 Component:  WebBasket  |    Version:
Resolution:  fixed      |   Keywords:
------------------------+----------------------
Changes (by Nikolaos Kasioumis <nikolaos.kasioumis@…>):

 * status:  in_merge => closed
 * resolution:   => fixed


Comment:

 In [3b12ca392b4ab70b9b3c8d997fcfbf1bcab7a12c]:
 {{{
 #!CommitTicketReference repository=""
 revision="3b12ca392b4ab70b9b3c8d997fcfbf1bcab7a12c"
 WebBasket: many small fixes and improvements

 * Replaces various dblayer functions that would return faulty values
   due to GROUP_CONCAT with improved versions of them. Improves handling
   and parsing of the values returned by the dblayer functions to create
   the main WebBasket interface. Removes all calls of the eval() function
   and replaces them with safer functions. Sanitizes user input coming
   through GET and POST variables. Sanitizes special HTML characters
   like '&'.
   (closes #879)

 * Improves creation of HTML Select form elements to be compatible with
   all major browsers.
   (closes #878)
 }}}

-- 
Ticket URL: </ticket/879#comment:3>
Invenio <http://invenio-software.org>
