Need to clean "slashes" usage.
Target version: Candidate for next major version
Problem example : rules engine
input => slashes protected
output => not protected
Should be consistent.
#1 Updated by moyo about 11 years ago
- post / get values : slashes protected.
- From DB : not slashes protected.
Need to have the same behaviour.
Idea : all data are [not] slashes protected.
- slash protected :
- more secure but need to filter all display due to slashes
- may have problems with regex (need to stripslashes before)
- addslashes on DB insert, update or select
- clean slashes when getting data from DB
- do clean_cross_side_scripting on post/get for security
- prerequisite : use standard functions for SQL requests SqlRequestsFramework
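The mismatch described in this ticket, and the "not slashes protected" option, as an added example that is not the project's own code. It assumes PHP with the pdo_sqlite extension; `to_raw()`, the `rule_criteria` table and the sample values are hypothetical, and PDO bound parameters stand in for `addslashes` at the SQL step.

```php
<?php
// Added illustration; helper, table and sample values are constructed.

// What the user typed into a rule criterion: O'Reilly \d+
$typed = "O'Reilly \\d+";

// Slash-protected form, as it arrives from post/get in the ticket's scenario.
$postValue = addslashes($typed);

// The same criterion as read back from the DB (not slash protected).
$dbValue = $typed;

// 1. Same text, two representations: a direct comparison disagrees.
var_dump($postValue === $dbValue);

// 2. Regex criteria change meaning once slashed: the escaped backslash
//    is matched literally, so "\d+" no longer means "one or more digits".
$subject = "O'Reilly 42";
var_dump(preg_match('/' . $dbValue . '/', $subject));
var_dump(preg_match('/' . $postValue . '/', $subject));

// 3. Consistent policy: data is raw everywhere inside the application.
//    Undo input slashing once, at the boundary (hypothetical helper).
function to_raw(string $slashed): string
{
    return stripslashes($slashed);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE rule_criteria (pattern TEXT)');

// SQL escaping happens only at the query, through a bound parameter,
// so the quote and backslash are stored exactly as typed.
$insert = $pdo->prepare('INSERT INTO rule_criteria (pattern) VALUES (:p)');
$insert->execute([':p' => to_raw($postValue)]);

$stored = $pdo->query('SELECT pattern FROM rule_criteria')->fetchColumn();

// Stored value equals what the user typed, and the regex works unchanged.
var_dump($stored === $typed);
var_dump(preg_match('/' . $stored . '/', $subject));
```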