Details
New Feature
Major
Description
We do not have any suitable param type to filter tags used in blogs, interests etc. - PARAM_FILE could be used, but is not optimal.
It should:
- sanitize ASCII range - not XSS and SQL injections
- remove majority of non letters+numbers
- trim + normalize whitespace
Issue Links
| This issue has been marked as being related by: | ||||
| MDL-11048 | tag/lib.php issues |
|
|
|
Activity
Hide
Eloy Lafuente (stronk7)
added a comment -
Err... I've seen that numeric tags aren't allowed anymore under PARAM_TAG.
Uhm... not sure if it's a good idea (I can imagine tags where numbers should be used). Do we need really to be so restrictive?
Ciao 
Show
Eloy Lafuente (stronk7)
added a comment - Err... I've seen that numeric tags aren't allowed anymore under PARAM_TAG.
Uhm... not sure if it's a good idea (I can imagine tags where numbers should be used). Do we need really to be so restrictive?
Ciao
Hide
Petr Škoda (skodak)
added a comment -
Unfortunately the new interests tags system breaks if you use numeric tags such as 666 - we could remove this restriction if we rewrite that thing 
Show
Petr Škoda (skodak)
added a comment - Unfortunately the new interests tags system breaks if you use numeric tags such as 666 - we could remove this restriction if we rewrite that thing
in cvs