Closed mattpascoe closed 6 years ago
Need to update functions_gui.inc.php.. specifically the workspace_plugin_loader function. It currently takes in the $modulename and then uses it raw in output of HTML. This is not optimal, sanitize that output.
"discloses the physical path to its directories"
for example:
produces the following path information :
mattpascoe commented 6 years ago closing this.. the example is poor and what I'm 'recreating' does not seem to be of issue. plus hey.. rewrite the whole gui anyway.
closing this.. the example is poor and what I'm 'recreating' does not seem to be of issue. plus hey.. rewrite the whole gui anyway.
Need to update functions_gui.inc.php.. specifically the workspace_plugin_loader function. It currently takes in the $modulename and then uses it raw in output of HTML. This is not optimal, sanitize that output.
"discloses the physical path to its directories"
for example:
produces the following path information :