philsturgeon / codeigniter-oauth2

NO LONGER ACTIVELY MAINTAINED. USE https://github.com/thephpleague/oauth2-client INSTEAD
http://getsparks.org/packages/oauth2/versions/HEAD/show
351 stars, 178 forks

Update libraries/OAuth2.php #38

Closed FDiskas closed 11 years ago

FDiskas commented 11 years ago

For security reasons.

philsturgeon commented 11 years ago

What is the security implication here? You are passing things from the URL directly into the library? That sounds like a bad idea. Escape this properly outside the library. Do an in_array of allowed providers.
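The check suggested in the comment above, as an added example (not code from this pull request or from the library): the provider name from the URL is validated against a fixed allowlist in the application before anything is handed to the OAuth2 library. The helper name `resolve_provider`, the provider names and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed allowlist: the providers this application actually supports.
// The names are illustrative assumptions, not taken from the pull request.
const ALLOWED_PROVIDERS = ['facebook', 'github', 'google'];

/**
 * Hypothetical helper: validate a provider name taken from the URL
 * before it is passed to the OAuth2 library.
 *
 * @param mixed $raw Value as received from the URL segment or query string.
 * @return string|null Canonical provider name, or null if not allowed.
 */
function resolve_provider($raw): ?string
{
    // URL parameters can arrive as arrays (?provider[]=x); accept strings only.
    if (!is_string($raw)) {
        return null;
    }

    // Normalise case and surrounding whitespace so "GitHub" matches "github".
    $name = strtolower(trim($raw));

    // Third argument true = strict comparison, no loose type juggling.
    return in_array($name, ALLOWED_PROVIDERS, true) ? $name : null;
}

// Constructed sample inputs: two valid spellings and several unexpected values.
$samples = ['github', ' GitHub ', 'nonexistent', 'github.php', '', ['github'], 0];

foreach ($samples as $raw) {
    $name = resolve_provider($raw);
    if ($name === null) {
        // In a controller this is where the request would end with a 404.
        printf("%-14s => rejected\n", json_encode($raw));
        continue;
    }
    // Only the canonical, allowlisted name goes on to the OAuth2 library.
    printf("%-14s => ok: %s\n", json_encode($raw), $name);
}
```

Returning the canonical name from the allowlist, rather than echoing back the caller's string, means only values the application itself defined ever reach the library.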