NOTE: If you are a developer, please use a private wiki based on foswiki/trunk on a daily base ...or use trunk.foswiki.org to view this page for some minimal testing.
Use Item9693 for docu changes for 1.2 and 2.0.
You are here: Foswiki>Tasks Web>Item2520 (17 Jan 2010, PaulHarvey) Edit this topic text (e) Attach an image or document to this topic; manage existing attachments (a) View sequential topic history View without formatting (v) Create new topic Printable version of this topic (p) More: delete or rename this topic; set parent topic; view and compare revisions (m)

Item2520: Reading form field values from topic happens with tainted topic name

Priority: CurrentState: AppliesTo: Component: WaitingFor:
Normal Closed Engine    
Editing a topic with a form where the form has e.g. a select with values defined in a topic.

This causes a taint error if taint asserts are enabled (developer thing).

It turns out the reading of the topic name from the form results in a tainted topic name.

However at some point we normallize the topic / web AND we check that the topic exists, so we have a pretty good check that the data is valid.

This means that we can untaint the variable.

I am checking this in.

-- KennethLavrsen - 22 Dec 2009

ItemTemplate edit

Summary Reading form field values from topic happens with tainted topic name
ReportedBy KennethLavrsen
Codebase 1.0.8
SVN Range
AppliesTo Engine
Component
Priority Normal
CurrentState Closed
WaitingFor
Checkins Foswikirev:5847 Foswikirev:5848
TargetRelease patch
ReleasedIn 1.0.9
Edit | Attach | Print version | History: r4 < r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r4 - 17 Jan 2010, PaulHarvey
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons LicenseGet Foswiki at sourceforge.net. Fast, secure and Free Open Source software downloads