XSS attack prevention changes in 2.7.1 (2 posts)

  1. caemusic
    Posted 7 years ago #

    I've highly customized my php files, so I'd rather not upgrade.. I just want to add the filter enhancements to help prevent XSS attacks so I'm going to do it manually.

    After looking at the diff logs I want to make sure I'm doing it right. I'm assuming red means deleted and green means added? All three patches made changes to formatting.php so it's sort of confusing.

    Are the fixes mentioned on this page the only changes in 2.7.1 that help prevent hacks?



  2. The changes made are rather extensive, I would not recommend attempting to implement them yourself.

    Upgrade. If you have customized files, then consider abstracting your customizations into plugins or non-core files.

Topic Closed

This topic has been closed to new replies.

About this Topic