mahara-contributors team mailing list archive

Thread
Date

[Bug 1586867] Re: Checking security vulnerabilities when pushing new codes

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Son Nguyen <1586867@xxxxxxxxxxxxxxxxxx>
Date: Mon, 30 May 2016 00:32:24 -0000
Reply-to: Bug 1586867 <1586867@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

A1. Injection
 - SQL Injection
   * Using {}
   * Validate inputs for execute_sql()
 - PHP Injection
   * Validate the input data for unserialize()
 - XSS
   * Escape $string for {$string|safe} in template files
 - Should we clean input html strings before store them in DB?

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1586867

Title:
  Checking security vulnerabilities when pushing new codes

Status in Mahara:
  Confirmed

Bug description:
  Mahara master (16.10)

  It would be good to check security vulnerabilities when pushing new codes.
  Reference: OWASP Top Ten Cheat Sheet - https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet

  Please feel free to update the list of items to check in Mahara code.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1586867/+subscriptions

References

[Bug 1586867] [NEW] Checking security vulnerabilities when pushing new codes
From: Son Nguyen, 2016-05-30