Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

kPoll css missing? (NOTE k-poll contains a potential security risk.)

2»

Comments

  • I dunno, then. I don't see any security issues in its thread list, and this discussion is only a month old.

  • Yes, I think as long as only the admin has access it may be safer. peregrine came up with a fix so it should be ok after implementing it. It is a matter of adding garden formatter to the text box fields for the form.

    @Schryvers said:
    Love how the css is now thanks to free butterfly vrijvlinder t

    Glad that worked for you :)

  • peregrineperegrine MVP
    edited October 2014

    V said: peregrine came up with a fix

    no, I didn't. someone needs to re-write the plugin (what I posted is just the beginning). nor do I recommend using plugin. Each person needs to make their own choices. As I said before, personally, I wouldn't use a plugin with a security flaw.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I think good practices of basic sanitation need to be promoted.

    I mean even if the input is restricted, doesn’t mean that it wouldn't become exposed at some point, and the same author may make another plugin again with no knowledge of sanitation.

    grep is your friend.

  • We could use a tutorial for basic form validation and sanitation ...

Sign In or Register to comment.