** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17454
https://bugs.launchpad.net/bugs/1732987

Title:
  Fix user input from direct get post usage

Status in Mahara:
  Fix Committed
Status in Mahara 16.10 series:
  Fix Released
Status in Mahara 17.04 series:
  Fix Released
Status in Mahara 17.10 series:
  Fix Released
Status in Mahara 18.04 series:
  Fix Committed

Bug description:
  Makes sure the data is using valid utf8, invalid characters are
  discarded - avoid null chars and invalid unicode

  Also change direct $_GET and $_POST calls

  eg change
  isset($_POST['myparam']) to param_exists('myparam')
  $_POST['myparam'] = 'cats' to param_alpha('myparam', null)
  etc
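
The pattern the bug description names (discard NUL bytes and invalid UTF-8, and read request input through typed accessors instead of `$_GET`/`$_POST`), as an added example that is not part of the original notification and is not Mahara's code. The `demo_*` function names, the letters-only rule and the exception type are assumptions made for illustration.

```php
<?php
// Hypothetical helpers for illustration; they are not Mahara's param_* functions.

/** Drop invalid UTF-8 sequences and NUL bytes from a request value. */
function demo_clean_utf8(string $value): string
{
    $previous = mb_substitute_character();
    mb_substitute_character('none');   // discard invalid sequences instead of emitting '?'
    $clean = mb_convert_encoding($value, 'UTF-8', 'UTF-8');
    mb_substitute_character($previous);
    return str_replace("\0", '', $clean);
}

/** True when the parameter was sent via GET or POST. */
function demo_param_exists(string $name): bool
{
    return isset($_POST[$name]) || isset($_GET[$name]);
}

/** Return a letters-only parameter, $default when absent, or throw when invalid. */
function demo_param_alpha(string $name, ?string $default = null): ?string
{
    if (!demo_param_exists($name)) {
        return $default;
    }
    $raw = $_POST[$name] ?? $_GET[$name];
    if (!is_string($raw)) {            // e.g. myparam[]=x arrives as an array
        throw new InvalidArgumentException("Parameter '$name' must be a string");
    }
    $value = demo_clean_utf8($raw);
    if (!preg_match('/\A[a-zA-Z]+\z/', $value)) {
        throw new InvalidArgumentException("Parameter '$name' must contain only letters");
    }
    return $value;
}

// Constructed request data: a NUL byte and a 0xFF byte, which is never valid in UTF-8.
$_POST = ['myparam' => "ca\0t\xFFs", 'other' => ['nested']];
$_GET  = [];

var_dump(demo_param_exists('myparam'));
var_dump(demo_param_alpha('myparam'));
var_dump(demo_param_alpha('missing', 'fallback'));
try {
    demo_param_alpha('other');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

Cleaning runs before validation, so the check sees the same bytes that the rest of the application will use.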