osCommerce

Filtering User Input

GatorDev

Surprisingly, there is no user input filter for osCommerce. This makes it vulnerable to scripting and SSI. This is especially dangerous on a server that has SSI enabled.

I would suggest at least changing this line in the function tep_db_prepare_input in functions/database.php:

return trim(stripslashes($string));

to something like:

return trim(preg_replace("/<|>/", "", $string));

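The following is an added example for this thread, not code from the post above or from osCommerce itself. It puts the character-stripping filter proposed in the post side by side with the alternative of leaving the stored value intact and escaping it at the point where it is written into HTML. Apart from the original tep_db_prepare_input, every function name here (tep_db_prepare_input_strip, prepare_input_keep, escape_html, has_markup_chars) is invented for the demo, and the sample inputs are constructed.

```php
<?php
// Added example, not code from the post or from osCommerce. Contrasts the
// '<' / '>' stripping filter suggested in the thread with output escaping.
// All function names except tep_db_prepare_input are invented for this demo.

// The post's proposal under a hypothetical name: drop every '<' and '>'
// at input time. Same body as the replacement line suggested in the post.
function tep_db_prepare_input_strip($string) {
    return trim(preg_replace('/<|>/', '', $string));
}

// Alternative input stage: undo the slashes only if PHP's magic_quotes_gpc
// added them (the function is deprecated in 7.4 and gone in 8, hence the
// function_exists guard), then trim. Nothing is deleted, so a product text
// that legitimately contains '<' is stored unchanged.
function prepare_input_keep($string) {
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $string = stripslashes($string);
    }
    return trim($string);
}

// HTML output stage: encode the characters that carry meaning in markup.
// '<' becomes '&lt;', so neither a <script> tag nor an SSI directive
// (<!--#exec ... -->) reaches the browser or the SSI parser as markup.
function escape_html($string) {
    return htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Check used below: does the string still contain a character that can
// open a tag or an SSI comment?
function has_markup_chars($string) {
    return strpbrk($string, '<>') !== false;
}

// Constructed inputs: an SSI directive, a script tag, a quote-based SQL
// fragment, and a harmless description that uses '<' and '>' as text.
$samples = array(
    'ssi'   => '<!--#exec cmd="id" -->',
    'xss'   => '<script>alert(document.cookie)</script>',
    'sql'   => "' OR '1'='1",
    'legit' => 'Fits boards 10 < width > 2 cm',
);

foreach ($samples as $name => $raw) {
    $stripped = tep_db_prepare_input_strip($raw);
    $escaped  = escape_html(prepare_input_keep($raw));
    printf("%-5s raw      : %s\n", $name, $raw);
    printf("      stripped : %s  (markup chars left: %s)\n",
           $stripped, has_markup_chars($stripped) ? 'yes' : 'no');
    printf("      escaped  : %s  (markup chars left: %s)\n\n",
           $escaped, has_markup_chars($escaped) ? 'yes' : 'no');
}
```

Save it as, for instance, filter_demo.php (name assumed) and run it with php filter_demo.php. Two things to read off the output: the "legit" row shows that stripping rewrites the shop's own data before it is stored, while escaping keeps the stored value and only changes the rendered form; and the "sql" row passes both functions untouched, since it contains no angle brackets. Whatever is done about markup, values that go into a query still need the database escaping step (osCommerce's own tep_db_input helper, or a prepared statement) before they are interpolated.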