Summary:
URL parameter clean not being done - subject to injection attacks
Detailed Description:
/LISE/lib/class.LISEInstance.php
In the "public function InitializeFrontend()" line 178 the template_detail
parameter is missing; instead it has this which may be out of date (or at least
isn't mentioned in the Admin Help docs
$this->SetParameterType('detailtemplate', CLEAN_STRING);
So this needs to be added
$this->SetParameterType('template_detail', CLEAN_STRING);
Back to List