Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-24058

kill all addslashes and stripslashes

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.0
    • Fix Version/s: 2.0
    • Component/s: General
    • Labels:
      None
    • Affected Branches:
      MOODLE_20_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE

      Description

      WE must not use addslashes at all - it is either or bug or even security issue (XSS in case of JS, SQL injection in sql selects)

        Attachments

          Issue Links

          has been marked as being related by

          Bug - A problem which impairs or prevents Moodle from functioning correctly. MDL-24059 mod/scorm is using stripslashes()

          • Minor - Minor loss of function where workaround is possible
          • Closed

            Activity

              People

              Assignee:
              skodak Petr Skoda
              Reporter:
              skodak Petr Skoda
              Tester:
              Nobody
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                24/Nov/10