
Item11501: User registration needs mechanism to validate form fields

Priority: Urgent
CurrentState: Closed
AppliesTo: Engine
Component: FoswikiUIRegister, TopicUserMappingContrib
WaitingFor:
ALERT! See SecurityAlert-CVE-2012-1004 for important information about this task

The form fields submitted during registration, other than those validated as part of the registration process (FirstName, LastName, Login name, wikiname, etc.), are not validated.

This is really an enhancement, but is marked urgent.

  • add a validateRegistrationField function to Users.pm
    • Called with fieldname, fieldvalue
    • Returns sanitized field, or can throw oops.
  • Provide basic validation in Users.pm if not implemented in the mapper.

Register.pm should call this routine for each field in the query prior to allowing the registration to proceed.

-- GeorgeClark - 03 Feb 2012
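
A stand-alone Perl sketch of the proposal above, added here as an illustration and not Foswiki's own code. Only the name validateRegistrationField and its (fieldname, fieldvalue) contract come from this item; the field rules, default_validate, validate_form, and the use of die in place of an oops exception are assumptions.

```perl
use strict;
use warnings;
use Scalar::Util qw(blessed);

# Strict patterns for fields with a known shape (assumed rules, not Foswiki's).
my %STRICT = (
    WikiName  => qr/\A[A-Z][a-z0-9]+(?:[A-Z][a-z0-9]*)+\z/,
    LoginName => qr/\A[A-Za-z0-9._\@-]{1,64}\z/,
    Email     => qr/\A[^\s\@<>"']+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/,
);
my %ENT = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;' );

# Basic validation used when the mapper provides none (hypothetical helper).
sub default_validate {
    my ( $name, $value ) = @_;
    die "invalid field name\n" unless $name =~ /\A[A-Za-z][A-Za-z0-9_]{0,63}\z/;
    $value = '' unless defined $value;
    die "$name: value too long\n" if length($value) > 1024;
    if ( my $re = $STRICT{$name} ) {
        die "$name: rejected\n" unless $value =~ $re;    # stand-in for oops
        return $value;
    }
    $value =~ s/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]//g;    # drop control characters
    $value =~ s/([&<>"'])/$ENT{$1}/g;                  # neutralise markup
    return $value;
}

# Delegate to the mapper if it implements the hook, else use the basic rules.
sub validateRegistrationField {
    my ( $mapper, $name, $value ) = @_;
    return $mapper->validateRegistrationField( $name, $value )
      if blessed($mapper) && $mapper->can('validateRegistrationField');
    return default_validate( $name, $value );
}

# The caller's role: validate every submitted field before registration proceeds.
sub validate_form {
    my ( $mapper, $form ) = @_;
    my %clean = map { ( $_ => validateRegistrationField( $mapper, $_, $form->{$_} ) ) }
      sort keys %$form;
    return \%clean;
}

# Constructed sample submission with one free-form field carrying markup.
my %form = ( WikiName => 'JaneDoe', Email => 'jane@example.org',
             Organisation => 'Acme <b>Labs</b> & Co' );
my $clean = validate_form( undef, \%form );
print "$_ = $clean->{$_}\n" for sort keys %$clean;
print "rejected: $@" unless eval { validate_form( undef, { WikiName => 'x<y' } ); 1 };
```

Fields with a strict pattern are rejected outright on mismatch, while free-form fields come back sanitized, matching the "returns sanitized field, or can throw" contract.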

See also: Support.SecurityAlert-CVE-2012-1004, and Item11498

-- PaulHarvey - 04 Feb 2012
 
Topic revision: r17 - 11 Apr 2012, GeorgeClark
 