Maintainers: TiM-SE

[TiM's] Safer Database Input Method
for osCommerce Online Merchant v2.2

Protect your webshop against XSS attacks, and against HTML code being saved in your database, with this 5-second modification.

This fixes the whois_online.php vulnerability.

The solution is to edit the tep_db_input() function.

By www.tim-international.net

Instruction correction TiM-SE 8 Mar 2009  

The instructions for how to allow tags in the database have been updated, as in the following example:

This did not work:
tep_db_input($var, false, true)

This works:
tep_db_input($var, 'db_link', true)
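
An added example, not the add-on's own code, of an input wrapper in the style described above (strip HTML before storing, with an opt-in third argument) and of why the second argument has to stay 'db_link' when tags are allowed. The name safer_db_input, the $db_link stand-in object and the use of addslashes() in place of the database driver's escape call are assumptions.

```php
<?php
// Added example, not the add-on's code.
// Assumption: as in the working call above, the second argument is the NAME
// of a global variable that holds the database connection.
$db_link = new stdClass(); // constructed stand-in for the connection

// Hypothetical helper: strip markup unless the caller opts in, then escape.
function safer_db_input($string, $link = 'db_link', $allow_tags = false)
{
    // Passing false to "skip" the link leaves no connection to escape with,
    // so reject it instead of silently continuing.
    if (!is_string($link) || !isset($GLOBALS[$link])) {
        throw new InvalidArgumentException('second argument must name the link variable');
    }
    if (!$allow_tags) {
        $string = strip_tags($string); // drop HTML before it reaches the database
    }
    // Stand-in for the driver's connection-aware escape function.
    return addslashes($string);
}

// Constructed sample value.
$value = "<b>O'Brien</b><script>document.title='x'</script>";

echo safer_db_input($value), "\n";                  // tags stripped, quotes escaped
echo safer_db_input($value, 'db_link', true), "\n"; // tags kept on request

try {
    safer_db_input($value, false, true);            // the call form that did not work
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Stripping tags on input does not replace escaping stored values with htmlspecialchars() when they are written into a page.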

[TiM's osC Solutions] Safer Database Input Method TiM-SE 8 Feb 2009