[MDL-24058] kill all addslashes and stripslashes - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.0
Fix Version/s: 2.0
Component/s: General
Labels:
None

Affected Branches:
MOODLE_20_STABLE
Fixed Branches:
MOODLE_20_STABLE

Description

WE must not use addslashes at all - it is either or bug or even security issue (XSS in case of JS, SQL injection in sql selects)

Attachments

Issue Links

has been marked as being related by

MDL-24059 mod/scorm is using stripslashes()

Closed

Activity

People

Assignee:: Petr Skoda

Reporter:: Petr Skoda

Tester:: Nobody

Participants:: Anthony Borrow, Petr Skoda

Component watchers:: Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/Sep/10 4:15 AM

Updated:: 14/Dec/10 1:19 AM

Resolved:: 03/Sep/10 4:57 AM

Fix Release Date:: 24/Nov/10