HTMLTOPDF_PATH config value gets escaped
Reported by dleffler | July 15th, 2011 @ 09:21 PM
The value is saved with slashes and treated as if it were a variable with an "_HTML" ending by subsystems\config.php
Comments and changes to this ticket
rasseljandavid (at gmail) July 18th, 2011 @ 07:14 AM
- Assigned user set to rasseljandavid (at gmail)
- State changed from open to resolved
I removed the stripslashes in the update_siteconfig function under administrationController since this is the reason why the HTMLTOPDF_PATH and HTMLTOPDF_PATH_TMP are being escaped.
We can, however, create an implication in the loop to check if the value is either HTMLTOPDF_PATH or HTMLTOPDF_PATH_TMP, but I "think" this is unnecessary since we don't want to add hard-coded values in there and the values for the config are being saved under config.php, not in the db. So in terms of security, the stripslashes function is, for me, unnecessary. Please quote me on this if I'm wrong.
Bug Tracker for Exponent CMS