Security
Featured, Phase-Implementation
Updated Feb 4, 2010 by rave...@gmail.com

Introduction

The Gelato development team and community do their best to address security matters in a timely fashion. In order to maintain a high standard of security, Gelato requests that all developers

Details

  • Please limit the number of pages the web browser must interact with directly. Send all HTTP requests to index.php or admin/index.php. Every page that does receive direct HTTP requests should start with this code:

if(!defined('entry')) define('entry', true);

  • All pages that do not receive direct HTTP requests (pages that are only included from an entry page) should start with this line of code, so that requesting them directly fails:

if(!defined('entry') || !entry) die("Not a valid page");

  • If HTTP request variables are going to end up in a SQL query, add functions to validate the string to the best of your ability before it reaches the query.
  • Please require_once('entry.php') and use $db, $user and $tumble as globals on the pages you code.
  • There is a forthcoming XSS-sanitizing function. Please use it around all HTTP request variables.
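The rules above fit together on a single included page. The following is an added example written for this page, not code from the Gelato project or this wiki: it assumes $db is a PDO connection created by entry.php, a hypothetical posts table, and htmlspecialchars() standing in for the forthcoming XSS-sanitizing function.

```php
<?php
// post.php (hypothetical): only ever included from index.php, never requested directly.
// The guard line from the rules above rejects direct requests.
if (!defined('entry') || !entry) die("Not a valid page");

// Provided by entry.php; $db is assumed to be a PDO handle (assumption, not Gelato's API).
global $db, $user, $tumble;

// Validate the request variable before it can reach a SQL query.
// Accept only a positive integer of at most 10 digits; anything else is rejected outright.
function valid_post_id($raw)
{
    if (!is_string($raw) && !is_int($raw)) {
        return false;
    }
    if (!preg_match('/^[1-9][0-9]{0,9}$/', (string) $raw)) {
        return false;
    }
    return (int) $raw;
}

$id = valid_post_id(isset($_GET['id']) ? $_GET['id'] : null);
if ($id === false) {
    header('HTTP/1.0 400 Bad Request');
    die('Invalid post id');
}

// Even after validation, bind the value rather than interpolating it into the SQL string.
$stmt = $db->prepare('SELECT title, body FROM posts WHERE id = ?');
$stmt->execute(array($id));
$post = $stmt->fetch(PDO::FETCH_ASSOC);
if ($post === false) {
    header('HTTP/1.0 404 Not Found');
    die('No such post');
}

// Encode anything derived from the request or the database before it is written into HTML.
// htmlspecialchars() stands in here for the sanitizing function the page says is forthcoming.
function h($s)
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

echo '<h1>' . h($post['title']) . '</h1>';
echo '<div>' . h($post['body']) . '</div>';
```

The integer check and the bound parameter are two independent layers: the check stops malformed input at the edge, and binding means that even a value the check let through cannot change the query's structure.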

