  1. CiviCRM
  2. CRM-2465

Use phpids for intrusion detection and to log / prevent scripting attacks

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Major
    • Resolution: Fixed/Completed
    • Affects Version/s: 1.9, 2.0
    • Fix Version/s: 2.1
    • Component/s: None
    • Labels:
      None

      Description

      Instead of the simple regex we currently have, let's use htmlpurifier. Would be great for it to have a check option.

      http://php-ids.org/

      In addition, we might want to purify all the HTML entered via a WYSIWYG editor with htmlpurifier, which cleans up HTML. Most of our text/textareas are not HTML, and hence htmlpurifier is not a great option in those cases.

            People

            • Assignee:
              deepak Deepak Srivastava
              Reporter:
              lobo Donald A. Lobo