[pLog-svn] r3522 - plog/branches/lifetype-1.0.5/class/action
plogworld at jon.limedaley.com
Sat Jun 3 23:21:53 GMT 2006
I updated a blog to 1.0.5. I see this in the referrer logging:
152969 Query INSERT INTO plog_statistics
(`blog_id`, `article_id`, `time`, `ip`, `refer`, `agent`) VAL
'20060603191915', '', '', '
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:184.108.40.206) Gecko/20060426
Firefox/220.127.116.11 WebWasher 3.4')
I suppose this is okay, since it is quoted, and presumably any quoted
string will be escaped properly, but it would be nicer to have it just
fail, and not enter anything. Is the plog_statistics table a plugin, or
is that part of the core?
On Sun, 4 Jun 2006, Oscar Renalias wrote:
> I think this should fix them all, at least on the public side of the blog.
> We should also audit the code in 1.1.
> On 4 Jun 2006, at 01:28, oscar at devel.lifetype.net wrote:
>> Author: oscar
>> Date: 2006-06-03 22:28:33 +0000 (Sat, 03 Jun 2006)
>> New Revision: 3522
>> added some validation to all action classes, looks like we had forgotten it
Eat drink and be merry, for tomorrow they may make it illegal.
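Added example, not part of the original message and not LifeType's own code: one way to get the "just fail, and not enter anything" behaviour for the statistics insert, with bound parameters for the free-text fields. It is Python against an in-memory SQLite table; the column types, the 255-character cap and the function names are assumptions.

```python
import ipaddress
import sqlite3
import time

MAX_LEN = 255  # assumed column width for refer/agent

def open_db():
    """In-memory stand-in for the plog_statistics table (column types assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE plog_statistics (blog_id INTEGER, article_id INTEGER,"
        " time TEXT, ip TEXT, refer TEXT, agent TEXT)"
    )
    return conn

def _as_id(value):
    """Accept only a plain ASCII decimal string; anything else is rejected."""
    text = str(value)
    if text.isascii() and text.isdigit() and len(text) <= 10:
        return int(text)
    raise ValueError("not a numeric id")

def _clean(text):
    """Drop control characters (CR/LF included) and cap the length."""
    return "".join(ch for ch in text if ch.isprintable())[:MAX_LEN]

def log_referrer(conn, blog_id, article_id, ip, refer, agent):
    """Insert one statistics row, or insert nothing if validation fails."""
    try:
        row = (
            _as_id(blog_id),
            _as_id(article_id),
            time.strftime("%Y%m%d%H%M%S", time.gmtime()),  # same layout as the logged time
            str(ipaddress.ip_address(ip)),
            _clean(refer),
            _clean(agent),
        )
    except ValueError:
        return False  # fail closed: no row is written
    # Bound parameters: values are never spliced into the SQL text.
    conn.execute(
        "INSERT INTO plog_statistics (blog_id, article_id, time, ip, refer, agent)"
        " VALUES (?, ?, ?, ?, ?, ?)",
        row,
    )
    return True

def row_count(conn):
    """Number of rows currently in the statistics table."""
    return conn.execute("SELECT COUNT(*) FROM plog_statistics").fetchone()[0]
```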