
Item11501: User registration needs mechanism to validate form fields

Priority: Urgent
Current State: Closed
Released In: 1.1.5
Target Release: patch
Applies To: Engine
Component: FoswikiUIRegister, TopicUserMappingContrib
Branches: Release01x01 trunk
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
ALERT! See SecurityAlert-CVE-2012-1004 for important information about this task

The form fields submitted during registration other than those validated as part of the registration process - FirstName, LastName, Login name, wikiname, etc. - are not validated.

This is really an enhancement, but is marked urgent.

  • add a validateRegistrationField function to
    • Called with fieldname, fieldvalue
    • Returns sanitized field, or can throw oops.
  • Provide basic validation in if not implemented in the mapper. should call this routine for each field in the query prior to allowing the registration to proceed.

-- GeorgeClark - 03 Feb 2012
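The hook contract proposed above (called with field name and field value, returns the sanitized value or throws), shown as an added stand-alone Perl example; it is not part of the original task and not Foswiki's own code. The per-field rules, the `validateSubmission` helper, the sample field names and the use of `die` in place of the "oops" exception are all assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumed formats for fields with a strict syntax (not Foswiki's own rules).
my %STRICT = (
    loginname => qr/\A[A-Za-z0-9_.-]{1,32}\z/,
    email     => qr/\A[^\s<>@]+@[^\s<>@]+\.[^\s<>@]+\z/,
);

# Called with field name and field value. Returns the sanitized value, or
# dies (standing in for the "oops" exception) when the value is rejected.
sub validateRegistrationField {
    my ( $name, $value ) = @_;
    $value = '' unless defined $value;
    die "Field name is not acceptable\n"
      unless $name =~ /\A[A-Za-z][A-Za-z0-9_]{0,63}\z/;
    my $rule = $STRICT{ lc $name };
    if ($rule) {
        die "Invalid value for $name\n" unless $value =~ $rule;
        return $value;
    }
    # Free-form field: drop control characters and markup delimiters, cap length.
    $value =~ s/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]//g;
    $value =~ s/[<>"]//g;
    return substr( $value, 0, 256 );
}

# Hypothetical caller: validate every submitted field before registration proceeds.
sub validateSubmission {
    my ($fields) = @_;
    my ( %clean, %rejected );
    for my $name ( sort keys %$fields ) {
        my $ok = eval { $clean{$name} = validateRegistrationField( $name, $fields->{$name} ); 1 };
        unless ($ok) { chomp( my $err = $@ ); $rejected{$name} = $err; }
    }
    return ( \%clean, \%rejected );
}

# Constructed sample submission (not taken from the task).
my %submitted = (
    LoginName    => 'jdoe',
    Email        => 'jdoe@example',
    Organisation => "Example <b>Corp</b>\x07",
    Comment      => 'Plain text is kept as typed',
);
my ( $clean, $rejected ) = validateSubmission( \%submitted );
print "accepted $_ = $clean->{$_}\n" for sort keys %$clean;
print "rejected $_: $rejected->{$_}\n" for sort keys %$rejected;
my $failures = keys %$rejected;
print $failures ? "registration refused\n" : "registration may proceed\n";
```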

See also: Support.SecurityAlert-CVE-2012-1004, and Item11498

-- PaulHarvey - 04 Feb 2012
Topic revision: r17 - 11 Apr 2012, GeorgeClark
