#544: Potentially unsafe global request data is accessible in
Action::initialize() and View::initialize() and others
---------------------+------------------------------------------------------
Reporter: david | Owner: david
Type: defect | Status: new
Priority: high | Milestone: 0.11
Component: _OTHER_ | Version: 0.11.0RC5
Severity: major | Resolution:
Keywords: |
---------------------+------------------------------------------------------
Comment (by MugeSo):
The change in ValidationRunTimeCache.patch is:

controller/
  CHG:
    AgaviExecutionContainer
      ADD: validateRequestData: validate container's requestData
filter/
  CHG:
    AgaviExecutionFilter
      CHG: runAction: replace validation with use of
           AgaviExecutionContainer::validateRequestData

Example:
class SomeAction extends AgaviAction
{
    public function getCredentials()
    {
        $container = $this->getContainer();
        if($container->validateRequestData()) {
            // validated, you can use requestData safely.
        } else {
            // not validated!! requestData is unsafe.
        }
    }
}
--
Ticket URL: <http://trac.agavi.org/ticket/544#comment:2>
Agavi <http://www.agavi.org/>
An MVC Framework for PHP5