You are here: Foswiki>Tasks Web>Item2520 (17 Jan 2010, PaulHarvey)Edit Attach

Item2520: Reading form field values from topic happens with tainted topic name

Priority: Normal
Current State: Closed
Released In: 1.0.9
Target Release: patch
Applies To: Engine
Reported By: KennethLavrsen
Waiting For:
Last Change By: PaulHarvey
Editing a topic with a form where the form has e.g. a select with values defined in a topic.

This causes a taint error if taint asserts are enabled (developer thing).

It turns out the reading of the topic name from the form results in a tainted topic name.

However at some point we normallize the topic / web AND we check that the topic exists, so we have a pretty good check that the data is valid.

This means that we can untaint the variable.

I am checking this in.

-- KennethLavrsen - 22 Dec 2009

ItemTemplate edit

Summary Reading form field values from topic happens with tainted topic name
ReportedBy KennethLavrsen
Codebase 1.0.8
SVN Range
AppliesTo Engine
Priority Normal
CurrentState Closed
Checkins distro:09869162fef2 distro:befb3c50a33e
TargetRelease patch
ReleasedIn 1.0.9
Topic revision: r4 - 17 Jan 2010, PaulHarvey
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy