filter_input -> filter_var #2
Merged
Owner
`"Never trust provided data! Screen all data for malicious patterns or, even better, check all data against an allow list." "Always perform Input validation on the server side for security. While client-side validation is useful for both functional and security purposes, it is easily bypassed."`
Contributor (Author)
...I don't think I mentioned client-side validation anywhere in my PR 😅....
Contributor (Author)
Thanks Nicolas
I reinstated the filter_input methods and added filter_var.
In FastCGI/FPM environments, filter_input is unreliable. Data is read directly from the raw input buffer managed by the SAPI. This means that in containerised environments, reading data between the web server and FPM may fail. Alternatively, in some bad practices where information is overwritten, unexpected results may occur.
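As an added illustration of the replacement described above (example code, not from this PR or its repository), the helpers below read a parameter from a superglobal with filter_var() while keeping the missing-versus-invalid distinction that filter_input() returns, and apply the allow-list check quoted by the owner. The function names, the `$get` sample array and the allow-listed column names are constructed for the example.

```php
<?php
// Added example, not code from the PR: validate request data with filter_var()
// on the superglobal instead of filter_input(), which can read from an
// unreliable SAPI buffer under FastCGI/FPM.

declare(strict_types=1);

/**
 * Validate $source[$name] with filter_var().
 * Mirrors filter_input() results: null when the key is absent, false when
 * validation fails, otherwise the filtered value.
 */
function read_param(array $source, string $name, int $filter, array|int $options = 0): mixed
{
    if (!array_key_exists($name, $source)) {
        return null;                              // parameter not provided at all
    }
    return filter_var($source[$name], $filter, $options);
}

/**
 * Allow-list check: only values literally present in $allowed are accepted;
 * anything else falls back to $default instead of being "screened".
 */
function read_from_allow_list(array $source, string $name, array $allowed, string $default): string
{
    $value = read_param($source, $name, FILTER_DEFAULT);   // FILTER_DEFAULT: raw string, no transformation
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Constructed sample request data standing in for $_GET.
$get = ['page' => '3', 'per_page' => 'abc', 'sort' => 'unknown_column'];

$page    = read_param($get, 'page', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);               // int(3)
$perPage = read_param($get, 'per_page', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 100]]); // false: fails validation
$limit   = read_param($get, 'limit', FILTER_VALIDATE_INT);                                                    // null: not provided
$sort    = read_from_allow_list($get, 'sort', ['name', 'created_at'], 'name');                                // 'name': not on the allow list

var_dump($page, $perPage, $limit, $sort);
```

Callers can branch on the three outcomes separately (absent, rejected, accepted), which a bare `filter_var($_GET['x'] ?? null, ...)` collapses into a single false.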