[Catalyst] Potential query string pollution vulnerability?

Tobias Kremer tobias.kremer at gmail.com
Tue Jun 16 09:52:32 GMT 2009

> You are not validating your input. That's all there is to say...

True, but I think that many people are led to believe that their input
is being correctly quoted by DBIC, which in most cases it is, but in
this particular case it is not. I'm just trying to save people from
the consequences of this rare but not so obvious behaviour. Sorry if
this is not what this mailing list is about. Geez ...

