- 🇳🇿New Zealand quietone
There are no instances of this in core. Also removing the coding standards tag. If anyone wants to discuss making this a standard, open an issue in the coding standards project.
$ git grep -r "^.*A-z" $
A-z pattern (from upper 'A' to lower 'z') includes such non-obvious characters as:
[ \ ] ^ _ `
See ascii table:
Such an implicit extension of valid characters can lead to undesirable consequences (including security problems). Let's avoid this.
A-z pattern on A-Za-z (or a-zA-Z) in all cases.A-z pattern via code standards.Searching by 'A-z' (with match case regim) found two safe cases:
In both cases, security is provided by additional restrictions:
But I still added a security tag, because I think that this change will help to improve the security of drupal.
Closed: outdated
11.0 🔥
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
There are no instances of this in core. Also removing the coding standards tag. If anyone wants to discuss making this a standard, open an issue in the coding standards project.
$ git grep -r "^.*A-z"
$