Reply To: security related isuue

Splash Forums Rewrite Users security related isuue Reply To: security related isuue


Hey Oswald,

This is fairly serious – thanks for pointing it out.

I’m not exactly sure of the best course of action right now. I’ve been thinking about it for the past 24 hours and I think that it’s possible the best solution is to avoid the ‘El’ class entirely (or, like you said, just copy it use a custom version that behaves as you would like.) It is, after all, just a provided configuration element that encapsulates a little bit of the El behavior for you.

I think, that using your own custom El class is totally fair. I need to ask, though… how is this occurring? Is this because you are directly using the El element in a ConfigurationProvider or is this occurring as part of some deeper/provided functionality of Rewrite?