- Issue created by @bigbabert
- 🇮🇳India vishal.kadam Mumbai
https://git.drupalcode.org/project/ai_seo_link_advisor/-/blob/1.0.x/src/...
The code you've pointed out is not handling direct user input - it retrieves the URL value from the current URL's query parameter.
https://git.drupalcode.org/project/ai_seo_link_advisor/-/blob/1.0.x/src/...
I'll update the form code to sanitize the user input before it's included as a query parameter in the URL.
-
vishal.kadam →
committed c230d1e7 on 1.0.x
Issue #3525887: User input sanitization
- 🇮🇹Italy bigbabert Milano, Italy
Hi @vishal.kadam,
Injections can also be done via query string parameters!
E.g. if a user opens the URL and manually changes the parameter, injecting malicious code, this will affect websites.
Best regards
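To illustrate the concern raised above in Drupal terms, here is an added example (not code from the ai_seo_link_advisor project): the unsafe pattern that writes a query parameter straight into markup, beside a hardened version that validates the value and lets Drupal's Url object encode it. The parameter name `url`, the function names and the route name `ai_seo_link_advisor.check` are assumptions.

```php
<?php
// Added illustration, not the project's own code. A query parameter named
// "url" (assumed name) is read from the current request and re-emitted as a
// link. The "before" variant trusts it; the "after" variant validates and
// encodes it before it reaches an attribute or another URL.

use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Url;
use Symfony\Component\HttpFoundation\Request;

// Unsafe: whatever is in ?url= lands unescaped inside an href attribute,
// so a crafted query string can break out of the attribute or inject a
// javascript: scheme.
function unsafe_link(Request $request): string {
  $target = $request->query->get('url', '');
  return '<a href="' . $target . '">Check</a>';
}

// Hardened: accept only a syntactically valid absolute http(s) URL, strip
// dangerous schemes, then build the link as a render array so Drupal encodes
// the query value and escapes the attribute itself.
function safe_link(Request $request): ?array {
  $target = (string) $request->query->get('url', '');
  if ($target === '' || !UrlHelper::isValid($target, TRUE)) {
    return NULL;
  }
  $target = UrlHelper::stripDangerousProtocols($target);
  $scheme = parse_url($target, PHP_URL_SCHEME);
  if (!in_array($scheme, ['http', 'https'], TRUE)) {
    return NULL;
  }
  return [
    '#type' => 'link',
    '#title' => 'Check',
    // Route name is an assumption for this example.
    '#url' => Url::fromRoute('ai_seo_link_advisor.check', [], [
      'query' => ['url' => $target],
    ]),
  ];
}
```

Returning NULL for a rejected value lets the caller log the rejected request, which is also the point at which to add detection for repeated attempts.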
-
vishal.kadam →
committed e8b6d9c0 on 1.0.x
Issue #3525887: User input sanitization
- 🇮🇹Italy bigbabert Milano, Italy
It would be good to let users know about the vulnerability, affected versions and needed remediation.