Skip to content

Removing default sanitizing of all API params and request vars #11786

New issue
New issue
Open
Open
Removing default sanitizing of all API params and request vars#11786
Labels
Technical debtIssues the will help to reduce technical debtc: PlatformFor Matomo platform changes that aren't impacting any of our APIs but improve the core itself.
Milestone
6.0.0
@tsteur

Description

@tsteur
tsteur
opened on Jun 12, 2017

To prevent issues like https://github.com/piwik/plugin-CustomDimensions/issues/62

I would say the current way of sanitizing all input is rather an anti pattern and causes lots of bugs.

We need to check if we can remove this behaviour. Problem is that some functionality may not work anymore 100% and we need to make sure that all values are properly escaped when using them to not run into any security issues after removing it. This will be lots of work and need to see if we can manage this in Piwik 4.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Technical debtIssues the will help to reduce technical debtc: PlatformFor Matomo platform changes that aren't impacting any of our APIs but improve the core itself.

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions