May 30, 2011

security issue with regular expressions

OK, Yii fixed its security issue with regular expressions in validators that I was worried about.

It turns out that serious PHP applications use regular expressions as a tool for checking user input without paying attention to the documented limitations.

Everyone talks about SQL injection, but when it comes to regular expressions, you need to explain this even to the authors of the framework.

In fact, I like how Qiang closes bugs in Yii in minutes; the most important thing is to make him notice them :)
