[pLog-svn] r3682 - plog/trunk/class/action

Oscar Renalias oscar at renalias.net
Mon Jul 3 20:31:47 GMT 2006


We should at least review all the code under class/action/ and make
sure that all the data loaded from the request is properly validated.
I will try to take a look.

On 7/3/06, Mark Wu <markplace at gmail.com> wrote:
> Hi Oscar:
>
> I have no idea how to do this easily, maybe review all the codes...
>
> Or we can ask Ramos how he found these bugs. I believe the "hackers" must
> have some intelligence ways to do this. :)
>
> Mark
>
> > -----Original Message-----
> > From: plog-svn-bounces at devel.lifetype.net
> > [mailto:plog-svn-bounces at devel.lifetype.net] On Behalf Of
> > Oscar Renalias
> > Sent: Tuesday, July 04, 2006 3:53 AM
> > To: plog-svn at devel.lifetype.net
> > Subject: Re: [pLog-svn] r3682 - plog/trunk/class/action
> >
> > Is there any chance we can track down and validate all other
> > input variables that we're using in the code?
> >
> > Oscar
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.lifetype.net
> > http://devel.lifetype.net/mailman/listinfo/plog-svn
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://devel.lifetype.net/mailman/listinfo/plog-svn
>


More information about the pLog-svn mailing list