1. Register and use actions to process your files (http://docs.elgg.org/wiki/Actions)
2. Add security tokens
   Forms must be rendered using elgg_view_form()
   OR
   You must add the security tokens yourself with elgg_view('input/securitytoken');
3. Use get_input() to retrieve form data to ensure proper escaping
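
The three steps above, put together as an added example (not code from the Elgg project or this page). The plugin name `my_plugin`, the action name `my_plugin/save`, the `title` field, the `my_plugin_item` subtype and the file paths in the comments are all assumptions; each commented section belongs in its own file.

```php
<?php
// --- mod/my_plugin/start.php (hypothetical plugin) ---
elgg_register_event_handler('init', 'system', 'my_plugin_init');

function my_plugin_init() {
    // Step 1: register the action so /action/my_plugin/save is served by
    // Elgg's action handler, which validates the security tokens.
    elgg_register_action('my_plugin/save',
        dirname(__FILE__) . '/actions/my_plugin/save.php');
}

// --- mod/my_plugin/views/default/forms/my_plugin/save.php ---
// Form body only: elgg_view_form() supplies the <form> tag and the tokens.
echo elgg_view('input/text', array('name' => 'title'));
echo elgg_view('input/submit', array('value' => elgg_echo('save')));

// --- in the page that displays the form ---
// Step 2, option A: render the form through elgg_view_form().
echo elgg_view_form('my_plugin/save');

// Step 2, option B: hand-written form with the tokens added explicitly.
$action_url = elgg_get_site_url() . 'action/my_plugin/save';
echo '<form action="' . $action_url . '" method="post">';
echo elgg_view('input/securitytoken');
echo elgg_view('input/text', array('name' => 'title'));
echo elgg_view('input/submit', array('value' => elgg_echo('save')));
echo '</form>';

// --- mod/my_plugin/actions/my_plugin/save.php ---
// Step 3: read submitted values with get_input(), never from $_POST.
$title = get_input('title');
if (!$title) {
    register_error('A title is required.');
    forward(REFERER);
}

$item = new ElggObject();
$item->subtype = 'my_plugin_item'; // hypothetical subtype
$item->title = $title;
if (!$item->save()) {
    register_error('Could not save the item.');
    forward(REFERER);
}

system_message('Saved.');
forward(REFERER);
```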
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation