Filtering User Input


Surprisingly there is no user input filter for osCommerce. This makes it vulnerable to scripting and SSI. This is especially dangerous on a server that has SSI enabled.


Would suggest at least changing this line in the function tep_db_prepare_input in functions/database.php


return trim(stripslashes($string));


to something like:


return trim(preg_replace("/<|>|/","",$string));



This topic is now archived and is closed to further replies.
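
The following is an added example, not part of the original post and not osCommerce code. It compares the bracket-stripping filter suggested in the post with encoding the value at output time. The function names, the form field and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example. Function names and sample values are constructed for illustration.

// The filter proposed in the post, written as an equivalent character class:
// remove angle brackets from the input.
function strip_angle_brackets(string $s): string
{
    return trim(preg_replace('/[<>]/', '', $s));
}

// Alternative: keep the submitted text and encode it when it is written into HTML.
function encode_for_html(string $s): string
{
    return htmlspecialchars(trim($s), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical form field that echoes a stored value back inside an attribute.
function render_field(string $value): string
{
    return '<input name="firstname" value="' . $value . '">';
}

// Constructed sample inputs.
$samples = [
    'markup'     => '<b>Bob</b>',
    'ssi'        => '<!--#echo var="DATE_LOCAL" -->',
    'comparison' => 'size < 10 cm & weight > 2 kg',
    'quote'      => 'Bob "the builder"',
];

foreach ($samples as $label => $raw) {
    echo "[$label] raw:      $raw\n";
    echo "  stripped in field: " . render_field(strip_angle_brackets($raw)) . "\n";
    echo "  encoded in field:  " . render_field(encode_for_html($raw)) . "\n\n";
}
```

Run with the PHP CLI. The 'comparison' sample shows legitimate text being altered by stripping, and the 'quote' sample shows that stripping leaves the double quote in place, so the attribute value ends early, while the encoded form keeps both the data and the markup intact.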