1. Fixes #0000209: Escape and Limit all Environment variables passed in GET. 2. We already escape anything, that goes from request to database queries to prevent sql injections. 3. Add check for "../" (prevents going outside In-Portal directory) and for whitespace like symbols (makes sure, that ".tpl" is always added at the end of template name) in template names.
Loading ...