mirrors/nextcloud-documentation
3
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2025-10-26 11:18:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix typos in security docs

Browse Source
This commit is contained in:
xMartin 2018-03-24 15:22:34 +01:00 committed by GitHub
parent b725138194
commit f181abf01f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
developer_manual/general/security.rst
View File

@ -25,7 +25,7 @@ To prevent this, always use prepared queries:
$params = array(1);
$result = $query->execute($params);
If the App Framework is used, write SQL queries like this in the a class that extends the Mapper:
If the App Framework is used, write SQL queries like this in a class that extends the Mapper:
.. code-block:: php
@ -107,7 +107,7 @@ Clickjacking
To prevent such attacks Nextcloud sends the `X-Frame-Options` header to all template responses. Don't remove this header if you don't really need it!
This is already built into Nextcloud if :php:class:`OC_Template`.
This is already built into Nextcloud in :php:class:`OC_Template`.
Code executions / file inclusions
---------------------------------
@ -136,7 +136,7 @@ Code executions and file inclusions can be easily prevented by **never** allowin
Directory traversal
-------------------
Very often developers forget about sanitizing the file path (removing all \\ and /), this allows an attacker to traverse through directories on the server which opens several potential attack vendors including privilege escalations, code executions or file disclosures.
Very often developers forget about sanitizing the file path (removing all \\ and /), this allows an attacker to traverse through directories on the server which opens several potential attack vectors including privilege escalations, code executions or file disclosures.
**DON'T**