
Item2520: Reading form field values from topic happens with tainted topic name

Priority: Normal
Current State: Closed
Released In: 1.0.9
Target Release: patch
Applies To: Engine
Reported By: KennethLavrsen
Waiting For:
Last Change By: PaulHarvey
Editing a topic with a form where the form has e.g. a select with values defined in a topic.

This causes a taint error if taint asserts are enabled (developer thing).

It turns out the reading of the topic name from the form results in a tainted topic name.

However at some point we normalize the topic / web AND we check that the topic exists, so we have a pretty good check that the data is valid.

This means that we can untaint the variable.

I am checking this in.

-- KennethLavrsen - 22 Dec 2009
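
The reasoning in the report above (normalise the name, confirm the topic exists, and only then untaint), as an added stand-alone Perl example; it is not the Foswiki check-in, which this page does not show. The helper `checked_topic_name`, the simplified name pattern and the in-memory topic list are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Run as: perl -T untaint_topic.pl  (taint mode must be enabled)
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Run with: perl -T $0\n" unless ${^TAINT};

# Constructed stand-in for the topic store (assumption, not Foswiki data).
my %EXISTING = map { $_ => 1 } qw(Main.ColourList Sandbox.StatusValues);

# Hypothetical helper, not a Foswiki API.
# Order matters: normalise, validate, confirm existence, then untaint.
sub checked_topic_name {
    my ( $raw, $default_web ) = @_;
    return unless defined $raw;

    ( my $name = $raw ) =~ s{/}{.}g;    # accept Web/Topic as Web.Topic
    $name = "$default_web.$name" unless $name =~ /\./;

    # A successful match against a strict allow-list pattern is what
    # untaints: $1 and $2 are clean. A catch-all such as (.*) would
    # clear the taint flag without validating anything.
    return unless $name =~ /\A([A-Z][A-Za-z0-9_]*)\.([A-Z][A-Za-z0-9_]*)\z/;
    my $clean = "$1.$2";

    # Existence check: only names of topics that are really there pass.
    return unless $EXISTING{$clean};
    return $clean;
}

# Zero-length tainted string; appending it taints any value (constructed input).
my $TAINT = substr( "$0$^X", 0, 0 );

for my $input ( 'ColourList', 'Sandbox/StatusValues', 'Main.NoSuchTopic', '../../etc/passwd' ) {
    my $raw  = $input . $TAINT;    # simulates a name read from a form definition
    my $name = checked_topic_name( $raw, 'Main' );
    printf "%-22s tainted=%d -> %s\n", $input, tainted($raw) ? 1 : 0,
      defined $name
      ? "$name (tainted=" . ( tainted($name) ? 1 : 0 ) . ")"
      : 'rejected';
}
```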

ItemTemplate

Summary Reading form field values from topic happens with tainted topic name
ReportedBy KennethLavrsen
Codebase 1.0.8
SVN Range
AppliesTo Engine
Priority Normal
CurrentState Closed
Checkins distro:09869162fef2 distro:befb3c50a33e
TargetRelease patch
ReleasedIn 1.0.9
Topic revision: r4 - 17 Jan 2010, PaulHarvey