JoomGalleryfriends / JG4-dev

Development repository for JoomGallery v4.x
GNU General Public License v3.0

[All content types] Titles are not sanitized #56

Closed Elfangor93 closed 1 year ago

Elfangor93 commented 1 year ago

When creating new records of any content type (image, category, config set, tag) you need to enter something in the title field. But the value you enter is neither checked nor sanitized. This leads to strange titles when you enter for example

This could be solved by creating a sanitization of the title field value in the Table::bind() method, similar to what we do for aliases.

What should this sanitization look like? What do we wanna allow and what should be corrected/cleaned up?

szepty-ziemi commented 1 year ago

Joomla does sanitization for the title field in articles or categories. Maybe there is a global sanitization function/method that we can use or just copy their solution?

">" is allowed while "<" is not. If the title contains "<", it is not allowed to save and the title is not cleared.

AlexanderSupp commented 1 year ago

So what? Is this a problem for us? Now?

Elfangor93 commented 1 year ago

Fixed in PR https://github.com/JoomGalleryfriends/JG4-dev/pull/86. Added the same sanitization as com_content.