Item11501: User registration needs mechanism to validate form fields

Priority: Urgent
Current State: Closed
Released In: 1.1.5
Target Release: patch
Applies To: Engine
Component: FoswikiUIRegister, TopicUserMappingContrib
Branches: Release01x01 trunk
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
ALERT! See SecurityAlert-CVE-2012-1004 for important information about this task

The form fields submitted during registration, other than those validated as part of the registration process (FirstName, LastName, Login name, wikiname, etc.), are not validated.

This is really an enhancement, but is marked urgent.

  • Add a validateRegistrationField function to Users.pm
    • Called with fieldname, fieldvalue
    • Returns sanitized field, or can throw oops.
  • Provide basic validation in Users.pm if not implemented in the mapper.

Register.pm should call this routine for each field in the query prior to allowing the registration to proceed.

-- GeorgeClark - 03 Feb 2012
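
A sketch of the hook proposed above, as an added example that is not Foswiki's code and not part of the original task description. The package name `Sketch::Users`, the use of `die` in place of the oops exception, the fallback policy (reject control characters, entity-encode HTML-special characters) and the sample field values are all assumptions.

```perl
#!/usr/bin/perl
# Added illustration; not Foswiki source. Every name here except
# validateRegistrationField is hypothetical.
use strict;
use warnings;

package Sketch::Users;    # stands in for Users.pm

sub new {
    my ( $class, $mapper ) = @_;
    return bless { mapper => $mapper }, $class;
}

# Called with (fieldname, fieldvalue); returns the sanitized value,
# or dies (standing in for "throw oops") when the value is unacceptable.
sub validateRegistrationField {
    my ( $this, $field, $value ) = @_;

    # Let the user mapper apply its own rules if it implements the hook.
    my $mapper = $this->{mapper};
    if ( $mapper && $mapper->can('validateRegistrationField') ) {
        return $mapper->validateRegistrationField( $field, $value );
    }

    # Basic fallback (assumed policy): reject control characters,
    # then entity-encode characters that are special in HTML.
    $value = '' unless defined $value;
    die "Invalid characters in field '$field'\n"
      if $value =~ /[\x00-\x08\x0b\x0c\x0e-\x1f]/;
    my %ent = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                '"' => '&quot;', "'" => '&#39;' );
    $value =~ s/([&<>"'])/$ent{$1}/g;
    return $value;
}

package main;

# Constructed sample of submitted registration fields.
my %query = (
    FirstName        => 'Ann',
    OrganisationName => 'Example <b>Org</b>',
    Comment          => "line one\x07",
);

# Register.pm's side: check every field before registration proceeds.
# Here a rejection is only reported; the real caller would abort.
my $users = Sketch::Users->new(undef);    # no mapper: fallback applies
for my $field ( sort keys %query ) {
    my $clean = eval { $users->validateRegistrationField( $field, $query{$field} ) };
    if ( defined $clean ) { print "$field: $clean\n" }
    else                  { print "rejected: $@" }
}
```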

See also: Support.SecurityAlert-CVE-2012-1004, and Item11498

-- PaulHarvey - 04 Feb 2012
 
Topic revision: r17 - 11 Apr 2012, GeorgeClark