[documentation] PHP snippets (once again)

Kieran Lal kieran at civicspacelabs.org
Sun May 7 15:47:24 UTC 2006


On May 7, 2006, at 7:26 AM, Heine Deelstra wrote:

> Dear doc team,
>
> I looked at several snippets yesterday and to my horror many of  
> them contain *obvious*, major security holes. I've spoken with the  
> leader of the security team (chx) and we agreed to unpublish all  
> obviously insecure snippets, then have a discussion based on  
> numbers (ok vs. not ok) and how to proceed.
>
> In the limited sample set I've reviewed until now > 50% of the  
> snippets either
>
> - bypass 'access' security (sometimes titles, sometimes full nodes)
> - allow XSS
> - allow SQL injection
> - allow a combination of the above

Snippets are driven by Fergus.  Fergus, what do you want us to do?

Kieran

>
> Regards,
>
> Heine
>
> PS Should we decide to continue with PHP snippets in this way, I'll
> also be the one to publish them again :(
> --
> Pending work: http://drupal.org/project/issues/documentation/
> List archives: http://lists.drupal.org/pipermail/documentation/
>


