access bypass
http://en.wikipedia.org/wiki/Vulnerability
The following list of articles include references to access bypass vulnerabilities. If you've never heard of this it's basically "mistakenly allowing users to see or do things they weren't supposed to"
The following list of articles include references to access bypass vulnerabilities. If you've never heard of this it's basically "mistakenly allowing users to see or do things they weren't supposed to"
Problems with DB abstraction
Submitted by AjK on 12 December 2008 - 1:33pmIn a previous post< we have described in some detail various aspects of selecting nodes and terms ensuring that Drupal's node access system is respected. However, new and exciting examples continue to arrive at the CVS review doorstep.
Here's some more fopars we deal with on a regular basis...
- $sql = "SELECT nid FROM {node} WHERE type = '%s' AND title = '%s' LIMIT 1";
- $duplicate = db_result(db_query($sql, 'story', $item->title));
Getting nodes and display a list
Submitted by AjK on 9 October 2008 - 3:00pmThis article focuses on one of the main reasons applications are rejected, that it acquires a list of nodes and renders some sort of output to the browser. It's a common task often seen and often done totally wrong.
So, by example, lets look at a snippet of often seen code that's reviewed and rejected and then we'll break it down and examine each point.
- function foo() {
- $sql = "SELECT nid, title FROM {node} WHERE type = 'foo'";
- $result = db_query($sql);
- while ($row = db_fetch_array($r)) {
- $output .= '<li><a href="node/'.$row['nid'].'">'. $row['title'].'</li>';
- }
- return $output;
- }
