Item12395: insecure dependency in a couple of file operations
Current State: Closed
Released In: n/a
The store tries to use tainted strings in file operations in a couple of places.
throws errors opening or unlinking files, e.g. here:
--- lib/Foswiki/Store/PlainFile.pm (revision 16537)
+++ lib/Foswiki/Store/PlainFile.pm (working copy)
@@ -467,6 +467,9 @@
my $latest = _latestFile($meta);
my $hf = _historyFile( $meta, undef, $rn );
my $t = ( stat $latest ); # SMELL: use TOPICINFO?
+$hf = Foswiki::Sandbox::untaintUnchecked($hf);
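Review bot: the added line `$hf = Foswiki::Sandbox::untaintUnchecked($hf);` clears the taint flag on the history file path without checking its content, so whatever was passed to `_historyFile( $meta, undef, $rn )` reaches the later file operation unvalidated. Suggest validating the values that build the path (`$meta` and `$rn`) where they enter the store and untainting them there. Alternatively, add a comment next to this line stating where that validation has already happened, so the unchecked untaint is justified for the next reader. The hunk header `@@ -467,6 +467,9 @@` announces three added lines but only one is visible here, so the other two cannot be reviewed.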
- 19 Feb 2013
Wasted a lot of time running the (previously working) VCStoreTests, only to find they have been recoded to be specific to the RCS store implementation.
- 28 Feb 2013