-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
テンプレートで用いられている、req.get("id")
などの廃止
#338
Comments
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
uzulla
added a commit
to uzulla/fc2blog
that referenced
this issue
Aug 8, 2021
fc2dev
added a commit
that referenced
this issue
Aug 12, 2021
…ender-html テンプレートで用いられている、req.get("id")などの廃止 #338
マージいただきましたので、クローズいたします。 残は別ISSUE にて行います。 #357 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
blog/app/twig_templates/admin/tags/edit_sp.twig
Line 35 in d7f1d14
など、一部パラメタより値を取得している箇所があるが、これらはセキュリティ的に正しくないので廃止する(モデルなどから引けた値をもちいるように修正する)
また、
back_url
系については、オープンリダイレクタに近い悪用ができる可能性がある。廃止か、緩和の対策を行う(調査し、別ISSUEにするかもしれません)。The text was updated successfully, but these errors were encountered: