Contributions
Filter ID
This script protects PHP scripts deployed on your store that perform only trivial verification, i.e. those that do not check data types when accessing the database and so leave potential security holes in your store's code.
This module filters parameters passed during page transitions through the HTTP_GET_VARS and HTTP_POST_VARS arrays. This reduces the risk of SQL string injection through parameters in scripts that do not explicitly check for an integer data type and would otherwise let malicious code run uncontrolled. The current implementation targets table identifiers but also provides a custom array for specific parameters that require integer data type verification. Such parameters can be used by other contributions for comparisons before setting/retrieving information to/from the database.
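As an added illustration of the kind of filtering the module performs (example code written for this page, not the contribution's own source), using $_GET/$_POST in place of HTTP_GET_VARS/HTTP_POST_VARS, which later PHP versions removed; the function and variable names are assumed.

```php
<?php
// Added example (not the contribution's code): a request filter of the kind the
// module describes. Names such as filter_request_ids() and $integer_params are assumed.

// Parameters that must be plain integers: table identifiers plus a custom list.
// products_id is left out because with attributes it carries a suffix such as
// "28{4}5", which the v1.01 notes say the default array excludes.
$integer_params = array('categories_id', 'manufacturers_id', 'orders_id', 'reviews_id');

// A clean identifier is a non-negative int or a string made only of digits.
// The /D modifier stops "$" from accepting a trailing newline.
function is_clean_id($value) {
    if (is_int($value)) return $value >= 0;
    return is_string($value) && preg_match('/^[0-9]+$/D', $value) === 1;
}

// Walk $data (e.g. $_GET or $_POST). Identifier parameters must pass is_clean_id()
// or they are dropped. Elements of an array-valued identifier inherit its name, so
// nested ids are checked too (the v1.01 behaviour). Other strings are escaped;
// addslashes() stands in for the module's escape-string filtering and only limits
// damage in legacy scripts, prepared statements are the proper fix.
function filter_request_ids(array $data, array $integer_params, $inherited = null) {
    $clean = array();
    foreach ($data as $key => $value) {
        $name = in_array($inherited, $integer_params, true) ? $inherited : $key;
        if (is_array($value)) {
            $clean[$key] = filter_request_ids($value, $integer_params, $name);
        } elseif (in_array($name, $integer_params, true)) {
            if (is_clean_id($value)) {
                $clean[$key] = (int) $value;  // cast so callers get a real int
            }                                 // otherwise the parameter is discarded
        } else {
            $clean[$key] = addslashes((string) $value);
        }
    }
    return $clean;
}

// Constructed sample request, not a real capture.
$request = array(
    'categories_id'    => '21',
    'manufacturers_id' => '3 OR 1=1',            // not an integer: dropped
    'orders_id'        => array('101', '102x'),  // checked element by element
    'keywords'         => "o'neil",              // plain string: escaped
);
print_r(filter_request_ids($request, $integer_params));
```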
Forum Support Thread:
http://forums.oscommerce.com/index.php?showtopic=175472
15 Oct 2005
This is a complete version
Bug Fixes/Updates v1.01
- Code added to check identifiers within arrays.
- Fix when removing items from the shopping cart.
- Fix adding items with product attributes (default custom array modified to exclude straight id strings).
- Escape string filtering added.
- Added instructions for those using SEO url contributions.
13 Oct 2005
Note: Contributions are used at own risk.
