[nycphp-talk] Filter Input, Escape Output Stinks
cliff at pinestream.com
Thu Jun 29 07:18:11 EDT 2006
Are we allowed to rant on here?

So I have been trying very hard to heed some management advice: "Sometimes it's best not to look under the hood." Of course I should know better, as the last time I tried that strategy I threw a crank rod.

But look I did... That's interesting: an echoed value in a text input field. OK, no big deal; it's not an echo of a post or get. Trace backwards... surprise, surprise... the assignment was made earlier with no filtering or escaping. As it was in the other 6,000 lines of code!

Oh, the joys of sub-contracting. It is going to be an unpleasant July 4th weekend. As I said, Filter Input, Escape Output Stinks.

Hey, at least it may be raining anyway...
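The pattern the post complains about, an assigned value echoed into a text input's value attribute with no escaping, is shown below beside its corrected form. This is an added example written for this page, not code from the original post or from the codebase it describes; the search-term form, the function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not from the original post): a form field that echoes a
// submitted search term back into <input value="...">, first the way the
// post describes it (unescaped) and then with filter-input / escape-output.

// Constructed sample input, standing in for $_GET['q']. A plain search
// term containing a double quote is enough to show the problem.
$rawTerm = '10" monitor';

// Filter Input: normalise the value when it arrives (strip control bytes,
// trim, cap the length). This is validation, not output protection.
function filter_term(string $raw): string
{
    $t = filter_var($raw, FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW);
    $t = is_string($t) ? trim($t) : '';
    return mb_substr($t, 0, 100);
}

// The vulnerable pattern from the post: the value is dropped straight into
// the attribute, so the double quote closes value="..." early and the rest
// of the string becomes extra attribute text in the rendered tag.
function render_unescaped(string $term): string
{
    return '<input type="text" name="q" value="' . $term . '">';
}

// Escape Output: encode for the HTML attribute context at the point of
// output. ENT_QUOTES converts both " and ' so the attribute cannot be
// closed by the data; the browser still displays the original term.
function render_escaped(string $term): string
{
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="q" value="' . $safe . '">';
}

$term = filter_term($rawTerm);

echo "Unescaped (the bug in the post):\n";
echo render_unescaped($term), "\n\n";

echo "Escaped at output:\n";
echo render_escaped($term), "\n";
```

Run it from the command line with `php example.php`. In the first tag the quote in the term terminates the value attribute, so the markup no longer carries the submitted text as a single attribute value; in the second the quote is rendered as an entity and the attribute stays intact. The two steps are deliberately separate functions: filtering decides what the application accepts, escaping decides how it is written into a given context, and as the post notes, a value assigned without either can travel through thousands of lines before it reaches the page.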