martynj1980, posted January 12, 2013 (edited):

Hi, I would like to start developing for PrestaShop and have a few questions to make sure any mods I make will be secure from SQL injection and XSS attacks. Here are my questions:

1. Directly echoing user input

Does Smarty deal with cleaning up user input in $_GET and $_POST? So I can safely echo the user input using:

    {$smarty.post.my_field|escape:'htmlall':'UTF-8'}

Do I need to do anything else with the data to safely echo it onto the page?

2. Storing user input into a cookie and echoing or adding to database

To safely store data into a cookie, should I use:

    $cookie->my_field = Tools::getValue('my_field');

What do I need to do to the data to echo it back onto a page? Is this method secure?

    $smarty->assign('my_field', $cookie->my_field);

Should I use Tools::safeOutput() here?

    {$my_field|escape:'htmlall':'UTF-8'}

If I want to add the data in the cookie into the database, is this fine?

    pSQL($cookie->my_field)

3. To store the user input into a database, is it safe to use this?

    $my_field = Tools::getValue('my_field');
    $my_field = pSQL($my_field);
    $sql = "insert into "._DB_PREFIX_."table (my_field_col) values ('$my_field')";

Or should I be cleaning up the input in another way?

Sorry if this is covered elsewhere; I know it seems a little basic, but I would like to make sure security is covered before I start thinking about any real development.

Many thanks, any other advice or help about this would be appreciated, or if you would like to add anything I have not covered.

Edited January 12, 2013 by martynj1980
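The three flows asked about in the post (echoing a request field, round-tripping it through the cookie, and inserting it into a table), put together as an added example. This is not code from the original post nor from PrestaShop itself. It assumes a PrestaShop 1.5 installation where the Tools, Validate, Db, Context and Cookie classes, the pSQL() helper and the _DB_PREFIX_ constant are already loaded; the class name MyFieldDemo, the table my_table and the column my_field_col are placeholders. The point it demonstrates is that each output context gets its own escaping, applied exactly once: pSQL() immediately before the value enters SQL, and the escape modifier in the template immediately before it enters HTML, with validation of the value done separately and before any storage.

```php
<?php
// Added example, not part of the original forum post or of PrestaShop.
// Assumes PrestaShop 1.5 classes (Tools, Validate, Db, Context, Cookie),
// the pSQL() helper and the _DB_PREFIX_ constant are loaded.
// 'my_table', 'my_field_col' and the class name are placeholders.

class MyFieldDemo
{
    /**
     * Step 1: read the request field. Tools::getValue() only fetches the
     * parameter (or the default); it performs no escaping, so the returned
     * string is untrusted input. Validation (shape and length) happens here,
     * before anything is stored; escaping is deferred to each output context.
     */
    public static function readInput()
    {
        $value = Tools::getValue('my_field', '');
        if (!is_string($value) || Tools::strlen($value) > 64) {
            return false;
        }
        // Validate::isGenericName rejects characters such as <, >, =, {, }
        // that have no business in a plain name field.
        if (!Validate::isGenericName($value)) {
            return false;
        }
        return $value;
    }

    /**
     * Step 2a: keep the validated value in the PrestaShop cookie. The Cookie
     * class encrypts and signs its payload, but what comes back out of it is
     * still the user's own data and must be escaped again on output.
     */
    public static function storeInCookie($value)
    {
        $cookie = Context::getContext()->cookie;
        $cookie->my_field = $value;
        $cookie->write();
    }

    /**
     * Step 2b / 3: write to the database. pSQL() escapes for the SQL string
     * context only (it does nothing for HTML). Db::insert() prepends
     * _DB_PREFIX_ itself and does not escape values, so pSQL() is required.
     */
    public static function storeInDb($value)
    {
        return Db::getInstance()->insert('my_table', array(
            'my_field_col' => pSQL($value),
        ));
    }

    /**
     * Same insert written as a literal query string, the form used in the
     * post. Column and table names are not user input and are backticked;
     * the only user-controlled part is the pSQL()-escaped value.
     */
    public static function storeInDbRaw($value)
    {
        $sql = 'INSERT INTO `'._DB_PREFIX_.'my_table` (`my_field_col`) '
             .'VALUES (\''.pSQL($value).'\')';
        return Db::getInstance()->execute($sql);
    }

    /**
     * Step 2c: hand the value to Smarty. Assign it unescaped and let the
     * template do the HTML escaping once:
     *     {$my_field|escape:'htmlall':'UTF-8'}
     * Passing it through Tools::safeOutput() here AND escaping in the template
     * would double-encode (e.g. & becomes &amp;amp;), so pick one layer.
     */
    public static function render()
    {
        $cookie = Context::getContext()->cookie;
        $value  = isset($cookie->my_field) ? (string)$cookie->my_field : '';
        Context::getContext()->smarty->assign('my_field', $value);
    }

    /** Wires the steps together for a POST request handled by a controller. */
    public static function handlePost()
    {
        $value = self::readInput();
        if ($value === false) {
            return false; // reject invalid input; nothing is stored
        }
        self::storeInCookie($value);
        self::storeInDb($value);
        self::render();
        return true;
    }
}
```

Two details worth noting when adapting this: pSQL() strips HTML tags unless its second argument is true, so it is a storage-time filter as well as an escaper, and a value stored through it must still be escaped for HTML when displayed; and neither pSQL() nor the Smarty escape modifier protects a value that is interpolated into a JavaScript block or a URL, which need the 'javascript' and 'url' escape modes respectively.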
martynj1980, posted January 16, 2013 (author):

Hi, I just wanted to give this a bump to see if anyone could help me clear this up. Any help would be appreciated, or a nudge in the right direction. Thanks