
Item2520: Reading form field values from topic happens with tainted topic name

Priority: Normal
CurrentState: Closed
AppliesTo: Engine
Component:
WaitingFor:

Editing a topic with a form where the form has e.g. a select with values defined in a topic.

This causes a taint error if taint asserts are enabled (developer thing).

It turns out the reading of the topic name from the form results in a tainted topic name.

However, at some point we normalize the topic / web AND we check that the topic exists, so we have a pretty good check that the data is valid.

This means that we can untaint the variable.

I am checking this in.

-- KennethLavrsen - 22 Dec 2009
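
The reasoning in the report (normalize the name, confirm the topic exists, only then untaint) can be shown under Perl's taint mode. This is an added example, not the Foswiki check-in: `validated_topic`, the `%EXISTING` table and the simplified name pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not Foswiki code. Run as: perl -T untaint_topic.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for the topic store (assumption); a real
# implementation would ask the store whether the topic exists.
my %EXISTING = ( 'Main.ColourOptions' => 1 );

# Hypothetical helper: returns an untainted "Web.Topic" only when the name
# matches a strict allow-list pattern AND the topic exists; undef otherwise.
sub validated_topic {
    my ( $default_web, $name ) = @_;
    return unless defined $name;

    # Normalization uses tr/// and concatenation, which keep the taint flag.
    ( my $norm = $name ) =~ tr{/}{.};
    $norm = "$default_web.$norm" unless $norm =~ /\./;

    # The capture group is what clears the taint flag, so the pattern must
    # be an allow-list. A permissive capture such as (.*) would launder
    # arbitrary input. Simplified pattern: one web level, alphanumeric names.
    my ($clean) = $norm =~ /\A([A-Z][A-Za-z0-9]*\.[A-Z][A-Za-z0-9]*)\z/
      or return;

    # Second gate from the report: the topic has to exist.
    return unless $EXISTING{$clean};
    return $clean;
}

# Zero-length tainted string; appending it marks constructed input as
# tainted, simulating a topic name that arrived via a form definition.
my $TAINT = substr( "$0$^X", 0, 0 );

for my $raw ( 'ColourOptions', 'Main/ColourOptions',
              'Main.Bad|Name', 'Main.NoSuchTopic' ) {
    my $input = $raw . $TAINT;
    my $ok    = validated_topic( 'Main', $input );
    printf "%-20s tainted_in=%d -> %s\n", $raw, tainted($input) ? 1 : 0,
      defined $ok
      ? "$ok (tainted_out=" . ( tainted($ok) ? 1 : 0 ) . ")"
      : 'rejected';
}
```
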


Summary Reading form field values from topic happens with tainted topic name
ReportedBy KennethLavrsen
Codebase 1.0.8
SVN Range
AppliesTo Engine
Component
Priority Normal
CurrentState Closed
WaitingFor
Checkins distro:09869162fef2 distro:befb3c50a33e
TargetRelease patch
ReleasedIn 1.0.9
Topic revision: r4 - 17 Jan 2010, PaulHarvey
 