Hi,

> This is very good news, this thing *had* to be done, thanks for doing
> that grunt work ! :).

Good enough to discard the idea of migrating from Savane to GForge ? :)

> Now if PHP had something like input tainting... I'm not a PHP wizard, but
> is there some systematic way of looking for potential SQL injections or
> cross-site scripting issues ?

Input tainting can be a simple use of a function called ereg / eregi . Just filtering values or characters inside a variable by passing it through .foreach. and then using eregi on them with a die function or similar ( ex: setting $feedback to a warning message ). This is dirty and not elegant , the most elegant solution is using stripslashes or addslashes . Mathieu Roy has worked out in this before ( and after 9 I wrote a little "hack" for Savane code but after that we removed the hack and I started working hard with my branch.

Cheers !
--------------------------------------
Lorenzo Hernandez Garcia-Hierro
<-><->-<-><-><-><-><-><-><-><->
PGP: Keyfingerprint: 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
http://www.tuxedo-es.org
______________________________________
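
The foreach-and-regex filtering described in the message above, as an added example that is not part of the original message or of the Savane code. It uses preg_match because ereg and eregi were removed in PHP 7.0; the function name, field names, patterns and sample request are hypothetical.

```php
<?php
// Added illustration: allowlist validation of request parameters.
// Field names and patterns below are hypothetical, not taken from Savane.

// Check each expected field against an anchored allowlist pattern.
function validate_input(array $input, array $rules, array &$feedback): array
{
    $clean = [];
    foreach ($rules as $field => $pattern) {
        if (!array_key_exists($field, $input)) {
            $feedback[] = "Missing field: $field";
            continue;
        }
        $value = $input[$field];
        // PHP turns "name[]=x" into an array; a regex check needs a string.
        if (!is_string($value)) {
            $feedback[] = "Field $field has an unexpected type";
            continue;
        }
        if (preg_match($pattern, $value) !== 1) {
            $feedback[] = "Field $field contains characters that are not allowed";
            continue;
        }
        $clean[$field] = $value;
    }
    // Anything not listed in $rules is reported and never copied to $clean.
    foreach (array_diff_key($input, $rules) as $field => $unused) {
        $feedback[] = 'Unexpected field: ' . htmlspecialchars((string) $field, ENT_QUOTES);
    }
    return $clean;
}

// Constructed sample request.
$request = [
    'group_id' => '42',
    'user'     => "admin' OR '1'='1",
    'tags'     => ['a', 'b'],
];
$rules = [
    'group_id' => '/\A[0-9]{1,10}\z/',
    'user'     => '/\A[a-z0-9_-]{3,16}\z/i',
    'tags'     => '/\A[a-z,]{0,64}\z/i',
];
$feedback = [];
$clean = validate_input($request, $rules, $feedback);
print_r($clean);
print_r($feedback);
```

Validation of this kind only narrows what reaches the rest of the code; accepted values still need to be passed to the database as bound parameters and escaped when written into HTML.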
