Checkout
Alex
committed
on 08 Aug 09
1. Fixes #0000209: Escape and Limit all Environment variables passed in GET.
2. We already escape anything, that goes from request to databa… Show more

1. Fixes #0000209: Escape and Limit all Environment variables passed in GET.

2. We already escape anything, that goes from request to database queries to prevent sql injections.

3. Add check for "../" (prevents going outside In-Portal directory) and for whitespace like symbols (makes sure, that ".tpl" is always added at the end of template name) in template names.

INP-172

Show less