[vBulletin API] is callApi() input filtered?

  • [vBulletin API] is callApi() input filtered?


    I was wondering if the callapi function is safe, meaning that the input is filtered inside the function.

    Would something in myscript.php like

    $loginInfo = $api->callApi('user', 'login', array( $_POST["user"], $_POST["password"]) );

    be considered safe, or could the content of the password (e.g. " ' " ) potentially be harmful for a SQL injection?

    I assume I don't have to do any filtering (otherwise a password like MY'PASSW"ORD could not work if I used, let's say, htmlentities() to filter them out) but I wanted to make sure that the input is automatically filtered inside callApi.

    Thank you!

  • #2
    The API and database system clean variables that are sent to them.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud customization and demonstration site.
    vBulletin 5 Documentation - Updated every Friday. Report issues here.
    vBulletin 5 API - Full / Mobile
    I am not currently available for vB Messenger Chats.


    • #3
      Thank you, just wanted to make sure!
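
An added illustration, not vBulletin's code and not written by anyone in this thread: it assumes PHP with the pdo_sqlite extension, and the in-memory table, the account "alice" and the checkLogin() helper are all constructed for the example. It shows why the password should be passed on unmodified: bound parameters keep quote characters out of the SQL text, while htmlentities() turns the password into a different string that no longer matches the stored hash.

```php
<?php
// Constructed stand-in for the storage behind a login call; this is NOT
// how vBulletin is implemented, only a generic parameter-binding demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pwhash TEXT NOT NULL)');

// Constructed sample account, using the password from the question.
$password = 'MY\'PASSW"ORD';
$ins = $db->prepare('INSERT INTO users (name, pwhash) VALUES (:name, :pwhash)');
$ins->execute([
    ':name'   => 'alice',
    ':pwhash' => password_hash($password, PASSWORD_DEFAULT),
]);

// Hypothetical helper: the user name reaches SQL only as a bound parameter,
// and the password never reaches SQL at all; it is compared to the hash.
function checkLogin(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pwhash FROM users WHERE name = :name');
    $stmt->execute([':name' => $user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// Case 1: raw password with both quote characters, passed through untouched.
var_dump(checkLogin($db, 'alice', $password));

// Case 2: the same password after htmlentities(); the encoded string is
// what would be checked, so compare it with the original.
$encoded = htmlentities($password, ENT_QUOTES);
var_dump($encoded);
var_dump(checkLogin($db, 'alice', $encoded));

// Case 3: quote characters in the user name are treated as data by the
// bound parameter, so this is just a lookup for a name that does not exist.
var_dump(checkLogin($db, "alice' OR '1'='1", $password));
```

HTML encoding belongs at the point where a value is written into a page, not where it is sent to a login or database call.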

