25 Oct
2006
25 Oct
'06
6:15 a.m.
False positives / negatives may be present:
googlesearch
This module (of which I am maintainer) has one form, which explicitly targets Google's search API. It never actually posts back to Drupal itself. Is it safe to assume, then, that it's a false positive and doesn't pose a security risk? (If there's something I need to change, I will do so post haste, but it sounds like it's safe since the module does so little.)
Same with customerror.module. The grep on <form caught one of the patches that are included with it. This module does not suffer from this vulnerability, nor is it broken by the fix.