Re: PHP snippets (once again)

On May 7, 2006, at 7:26 AM, Heine Deelstra wrote:

> Dear doc team,
>
> I looked at several snippets yesterday and to my horror many of  
> them contain *obvious*, major security holes. I've spoken with the  
> leader of the security team (chx) and we agreed to unpublish all  
> obviously insecure snippets, then have a discussion based on  
> numbers (ok vs. not ok) and how to proceed.
>
> In the limited sample set I've reviewed until now > 50% of the  
> snippets either
>
> - bypass 'access' security (sometimes titles, sometimes full nodes)
> - allow XSS
> - allow SQL injection
> - allow a combination of the above

Snippets are driven by Fergus.  Fergus, what do you want us to do?

Kieran

> Regards,
>
> Heine
>
> PS Should we decide to continue with php snippets in this way, I'll  
> also be the one to publish them again :(
> --
> Pending work: http://drupal.org/project/issues/documentation/
> List archives: http://lists.drupal.org/pipermail/documentation/

--
Pending work: http://drupal.org/project/issues/documentation/
List archives: http://lists.drupal.org/pipermail/documentation/