Jonathan Hemley Posted January 8, 2010 Share Posted January 8, 2010 Does anyone know how secure the latest Prestashop is ? Is it protected from 1) SQL Injection 2) XSS, and 3) SMTP header injection ? Link to comment Share on other sites More sharing options...
Patric Posted January 8, 2010 Share Posted January 8, 2010 Hi JohnathanSQL injections are stopped by the psql function, for the XSS we are using Smarty's sanitize functions and Tools::getValue(), lastly, for the SMTP header injections, the contact form fields are also sanitized.Regards, Link to comment Share on other sites More sharing options...
Jonathan Hemley Posted January 9, 2010 Author Share Posted January 9, 2010 So, it sounds like the current version of Prestashop is pretty bullet proof. Is that an accurate statement ? Link to comment Share on other sites More sharing options...
Gregory Roussac Posted February 12, 2010 Share Posted February 12, 2010 Hello,PrestaShop has just fixed an XSS on SVN version today.Situated on productcomments module.Regards, Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now