Announcement

Collapse
No announcement yet.

[vBulletin API] is callApi() input filtered?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • a84a
    replied
    Thank you, just wanted to make sure!

    Leave a comment:


  • Wayne Luke
    replied
    The API and database system clean variables that are sent to them.

    Leave a comment:


  • a84a
    started a topic [vBulletin API] is callApi() input filtered?

    [vBulletin API] is callApi() input filtered?

    Hi,

    I was wondering if the callapi function is safe, meaning that the input is filtered inside the function.

    Would something in myscript.php like

    $loginInfo = $api->callApi('user', 'login', array( $_POST["user"], $_POST["password"]) );

    be considered safe, or could the content of the password (e.g. " ' " ) potentially be harmful for a SQL injection?

    I assume i don't have to do any filtering (otherwise a password like MY'PASSW"ORD could not work if i used, lets say, htmlentities() to filter them out) but I wanted to make sure that the input is automatically filtered inside callApi.

    Thank you!
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X