#6134: Paginator helper has XSS problem
---------------------------+------------------------------------------------
Reporter: ichikaway | Owner: mark_story
Type: Bug | Status: closed
Priority: High | Milestone: 1.2.x.x
Component: Helpers | Version: 1.2 Final
Severity: Major | Resolution: fixed
Keywords: | Php_version: n/a
Cake_version: 1.2.1.8004 |
---------------------------+------------------------------------------------
Comment (by mark_story):
Yes, after talking about the issue with the rest of the team, we figured
that simply solving the page param would only move the issue to other
params. So by escaping the url after its been assembled we can just
prevent the issue for all params.
--
Ticket URL: <https://trac.cakephp.org/ticket/6134#comment:9>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC.
Our primary goal is to provide a structured framework that enables PHP users at
all levels to rapidly develop robust web applications, without any loss to
flexibility.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"tickets cakephp" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/tickets-cakephp?hl=en
-~----------~----~----~----~------~----~------~--~---
