davidyell / CakePHP-CurrencyExchange

A CakePHP plugin to convert currency into different currencies

[Security] $this->args[0] may be unfiltered #7

Open asgrim opened 9 years ago

asgrim commented 9 years ago

https://github.com/davidyell/CakePHP-CurrencyExchange/blob/3.x/src/Console/Command/RatesShell.php#L53


I'm not sure what happens under the hood as I'm not a Cake dev, but it looks like $this->args[0] is being used completely unfiltered. Always filter input and escape output :)

asgrim commented 9 years ago

Similar issue here, but much more obvious:

https://github.com/davidyell/CakePHP-CurrencyExchange/blob/3.x/src/Console/Command/RatesShell.php#L58


You are storing unfiltered input into the cache - do you trust this data? (probably not, because it is from an external source).

davidyell commented 9 years ago

Sorry, I don't know how I would make the JSON API return safe.
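One way to address both points raised in the thread (checking the shell argument before it is used, and reducing the external JSON to a known shape before it is written to the cache), as an added example that is not part of the plugin's code. The actual RatesShell code is not shown here, so the function names and the JSON field names are assumptions.

```php
<?php
// Added example (not the plugin's code): validate the shell argument and the
// external JSON before either is used or cached. Field names in the sample
// JSON are constructed, not taken from any real rates API.

declare(strict_types=1);

/** Accept only a three-letter ISO 4217 style code; reject anything else. */
function validateCurrencyCode(string $arg): string
{
    $code = strtoupper(trim($arg));
    if (!preg_match('/^[A-Z]{3}$/', $code)) {
        throw new InvalidArgumentException('Invalid currency code: ' . var_export($arg, true));
    }
    return $code;
}

/**
 * Reduce an untrusted decoded JSON payload to a known shape before caching:
 * a map of 3-letter codes to positive floats. Anything else is dropped or
 * rejected, so the cache never holds attacker-controlled strings or nesting.
 */
function sanitizeRates(string $json): array
{
    $decoded = json_decode($json, true, 4);
    if (!is_array($decoded) || !isset($decoded['rates']) || !is_array($decoded['rates'])) {
        throw new UnexpectedValueException('Rates API returned an unexpected payload');
    }
    $clean = [];
    foreach ($decoded['rates'] as $code => $rate) {
        if (!is_string($code) || !preg_match('/^[A-Z]{3}$/', $code)) {
            continue; // drop keys that are not currency codes
        }
        if (!is_int($rate) && !is_float($rate)) {
            continue; // drop non-numeric values (strings, arrays, null)
        }
        if ($rate <= 0 || !is_finite((float)$rate)) {
            continue; // a non-positive or infinite rate is never valid
        }
        $clean[$code] = (float)$rate;
    }
    if ($clean === []) {
        throw new UnexpectedValueException('Rates API returned no usable rates');
    }
    return $clean;
}

// Constructed sample: one good rate, one string, one odd key, one negative.
$sample = '{"base":"USD","rates":{"EUR":0.92,"GBP":"0.79","<script>":1,"JPY":-5}}';
$base = validateCurrencyCode('usd');   // "USD"
$rates = sanitizeRates($sample);       // ["EUR" => 0.92]
// Only now would the shell write $rates to the cache, keyed by $base.
```

Validation failures should abort the shell before anything reaches the cache, so a bad argument or a malformed API response can never be served to later callers.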