Gregory Maxwell wrote:
Since most of these are in places where I can just go fix them, I've been doing a little of that, and will probably eventually go around and get them all... I'm assuming that these were entered in before we were correctly filtering text,
Yes, some old ones in images etc still.
but I'm somewhat concerned that there may be some data entry paths which are not being filtered. Is this possible? If so, I'll create some test cases.
Unlikely but possible. Check WebRequest.php etc.
-- brion vibber (brion @ pobox.com)