#6285: Sanitize::clean($this->data) breaks Security Component
--------------------------------------------+-------------------------------
Reporter: michaelc | Owner:
Type: Bug | Status: closed
Priority: Medium | Milestone: 1.2.x.x
Component: Core Libs | Version: 1.2 Final
Severity: Normal | Resolution: wontfix
Keywords: sanitize security clean all | Php_version: n/a
Cake_version: 1.2.2.8120 |
--------------------------------------------+-------------------------------
Changes (by mark_story):
* status: new => closed
* resolution: => wontfix
Comment:
Well I think sanitizing everything is a bit overkill and causes problems
as you encountered. I don't think changing either class is appropriate,
as if you are sanitizing you will want to escape % so as to prevent URL
encoding issues. And you want the Security component to fail if anything is
at all different. So in this case perhaps too much paranoia is a bad
thing. Furthermore, you can move the {{{Sanitize->clean()}}} into the
actions where it is needed and skip this issue, while still benefiting from
both.

Since I don't think that compromising either class is a good idea, going
to close as wontfix. :)
--
Ticket URL: <https://trac.cakephp.org/ticket/6285#comment:1>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
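The ordering problem behind this ticket, as an added stand-alone PHP example (not CakePHP's own code and not the reporter's): a form-tampering token is modelled as a keyed hash over the submitted field names plus the values of locked (hidden) fields, carried URL-encoded in `_Token.fields`. Cleaning the whole request before the check (the beforeFilter pattern) rewrites the `%`-encoded token and the check fails; validating the raw request first and cleaning only what the action uses passes. The hash construction, the `SECRET` constant, the `sanitize_clean()` stand-in and the sample POST are assumptions for illustration, not the Security component's or Sanitize's actual internals.

```php
<?php
// Added example for ticket #6285; not CakePHP code. Requires PHP 5.6+ (hash_equals).
// Everything below is a simplified model: the real SecurityComponent and
// Sanitize::clean() differ in detail, but the ordering lesson is the same.

const SECRET = 'per-application-secret-used-only-in-this-example'; // assumed

// Keyed hash over the sorted free field names and the locked name=>value pairs.
function fields_hash(array $freeFields, array $lockedValues) {
    sort($freeFields, SORT_STRING);
    ksort($lockedValues, SORT_STRING);
    return hash_hmac('sha1', serialize(array($freeFields, $lockedValues)), SECRET);
}

// Token as embedded in the form: "<hash>:<locked1>|<locked2>", URL-encoded so
// that ':' and '|' travel as %3A and %7C. This is where '%' enters the data.
function issue_token(array $freeFields, array $lockedValues) {
    $locked = implode('|', array_keys($lockedValues));
    return urlencode(fields_hash($freeFields, $lockedValues) . ':' . $locked);
}

// Server-side check, meant to run on the POST data exactly as it arrived.
function validate_post(array $data) {
    if (!isset($data['_Token']['fields'])) {
        return false;
    }
    $token = urldecode($data['_Token']['fields']);
    if (strpos($token, ':') === false) {
        return false; // token no longer parses: treat as tampered
    }
    list($hash, $lockedList) = explode(':', $token, 2);
    $locked = ($lockedList === '') ? array() : explode('|', $lockedList);

    unset($data['_Token']);
    $free = array();
    $lockedValues = array();
    foreach ($data as $model => $fields) {
        foreach ($fields as $field => $value) {
            $key = "$model.$field";
            if (in_array($key, $locked, true)) {
                $lockedValues[$key] = $value; // locked: value is part of the hash
            } else {
                $free[] = $key;               // free: only the name is hashed
            }
        }
    }
    return hash_equals(fields_hash($free, $lockedValues), $hash);
}

// Stand-in for Sanitize::clean(): HTML-encodes every string and, as the
// ticket comment says a sanitizer should, neutralises '%' as well.
function sanitize_clean($data) {
    if (is_array($data)) {
        return array_map('sanitize_clean', $data); // keys preserved for one array
    }
    return str_replace('%', '&#37;', htmlentities($data, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample of what the browser posts back from a form with a hidden
// Post.id (locked) and a free-text Post.title.
function sample_post() {
    $locked = array('Post.id' => '7');
    $free = array('Post.title');
    return array(
        '_Token' => array('fields' => issue_token($free, $locked)),
        'Post' => array('id' => '7', 'title' => '50% off "today"'),
    );
}

// The pattern from the ticket: clean everything in beforeFilter, i.e. before
// the component's startup() runs the check. The %-encoded token is rewritten,
// urldecode() no longer yields the ':' separator, and the request is rejected.
function clean_then_validate(array $post) {
    return validate_post(sanitize_clean($post));
}

// The pattern mark_story recommends: validate the raw request, then clean
// only the model data the action actually uses. Returns null on rejection.
function validate_then_clean(array $post) {
    if (!validate_post($post)) {
        return null;
    }
    return sanitize_clean($post['Post']);
}

$post = sample_post();
echo 'clean, then validate: ', clean_then_validate($post) ? "accepted\n" : "rejected\n";
$cleaned = validate_then_clean($post);
echo 'validate, then clean: ', ($cleaned === null) ? "rejected\n" : "accepted\n";
if ($cleaned !== null) {
    echo 'cleaned title: ', $cleaned['title'], "\n";
}
```

The point to take from the model is the general one: an integrity check must see the bytes the client actually sent, so any normalisation, escaping or decoding belongs after the check, and ideally only on the fields the action consumes. Note that `%` is not the only trigger; in this model any locked (hidden) value containing a character the cleaner rewrites, such as a quote or an ampersand, would also change the hashed input and fail the check.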