Filename sanitization
odilitime opened this issue
I just saw an original filename with single quotes around it
so the extension ended with a single quote
originalfilename: 'filename.ext'
filename: asdfe.ext'
not sure this is desired, just bringing it to your attention.
as clsr mentioned, this is acceptable for filenames
there is nothing wrong with this. the only concern is for SQL injection, which is solved with escaped user input like everything should be
Well it's making our extensions statistics incorrect, so we'll just fix it in our copy
that is a problem with extension statistics code though
SQL injection is not an issue due to the way it is handled in the code.
URLs are now properly handled.
All should be good now. @ewhal
side note: this is a pomf-php issue