On 01.10.2009, at 19:58, Mathias Böttcher wrote:

> Hi David,

Hi Mathias,

> as mentioned in the chat I'm using AgaviJsonDecodeValidator from the
> development branch. You mentioned that I should not use it due to
> security risks. Can you give me more details, please? Thx in advance.

The main issue is that it exports values from the JSON as-is, which might lead to values that already exist in the request data being overwritten.

This validator was supposed to be the foundation for the input types concept of Agavi 1.1, but it proved insufficiently flexible and in general posed a bunch of problems, including the one mentioned above which could also have security implications; we have thus moved input types to milestone 1.2 for now.

- David
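
The overwrite problem described in the reply above, shown as an added example in plain PHP; it is not part of the original message and is not Agavi code. The functions `exportAsIs` and `exportNamespaced`, the field names and the sample request are constructed for illustration, and PHP 7.3 or later is assumed.

```php
<?php
// Constructed request data: 'user_id' is assumed to have passed an integer
// validator already; 'profile' is a raw JSON string that is decoded afterwards.
$request = [
    'user_id' => 42,
    'profile' => '{"nickname":"mb","user_id":"1","is_admin":true}',
];

// Decode one request field and require a JSON object or array at the top level.
function decodeField(array $request, string $field): array
{
    $decoded = json_decode($request[$field], true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($decoded)) {
        throw new UnexpectedValueException("$field must contain a JSON object");
    }
    return $decoded;
}

// Risky pattern: decoded members are exported as-is into the top-level request
// data. With array_merge the later value wins, so the validated 'user_id' is
// replaced and 'is_admin' appears without any validator having seen it.
function exportAsIs(array $request, string $field): array
{
    return array_merge($request, decodeField($request, $field));
}

// Safer pattern: export under a single dedicated name, refuse to replace an
// existing key, and accept only the members the action expects.
function exportNamespaced(array $request, string $field, string $exportAs, array $allowed): array
{
    if (array_key_exists($exportAs, $request)) {
        throw new UnexpectedValueException("$exportAs already exists in request data");
    }
    $decoded = decodeField($request, $field);
    $unexpected = array_diff(array_keys($decoded), $allowed);
    if ($unexpected !== []) {
        throw new UnexpectedValueException('unexpected JSON members: ' . implode(', ', $unexpected));
    }
    $request[$exportAs] = $decoded;
    return $request;
}

var_dump(exportAsIs($request, 'profile'));
try {
    var_dump(exportNamespaced($request, 'profile', 'profile_data', ['nickname']));
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```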
