Item2520: Reading form field values from topic happens with tainted topic name
Editing a topic with a form where the form has e.g. a select with values defined in a topic.
This causes a taint error if taint asserts are enabled (developer thing).
It turns out the reading of the topic name from the form results in a tainted topic name.
However, at some point we normalize the topic / web AND we check that the topic exists, so we have a pretty good check that the data is valid.
This means that we can untaint the variable.
I am checking this in.
- 22 Dec 2009
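
The validate-then-untaint pattern described in this item, as an added Perl example that is not Foswiki's own code: `untaint_topic_ref`, `%STORE` and the name pattern are hypothetical stand-ins for the real normalization and topic-existence checks. Run it with `perl -T` so the constructed inputs are actually tainted.

```perl
# Run as: perl -T untaint_topic.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical stand-in for the topic store: web => { topic => 1 }.
my %STORE = (
    Main   => { ColourOptions => 1 },
    System => { WebHome       => 1 },
);

# Returns an untainted (web, topic) pair, or an empty list if the name
# is malformed or the topic does not exist.
sub untaint_topic_ref {
    my ( $default_web, $name ) = @_;
    return unless defined $name;

    # Normalize and validate in one step. Only the regex captures are
    # untainted; the pattern is a simplified assumption, not Foswiki's rules.
    my ( $web, $topic ) =
      $name =~ /\A(?:([A-Z][A-Za-z0-9_]*)\.)?([A-Z][A-Za-z0-9_]*)\z/
      or return;
    $web = $default_web unless defined $web;

    # Existence check: only names that map to a real topic are accepted.
    return unless $STORE{$web} && $STORE{$web}{$topic};
    return ( $web, $topic );
}

# Empty string that is tainted under -T; appending it taints the samples.
my $taint = substr( "$0$^X", 0, 0 );

# Constructed sample inputs, as if read from a form definition.
for my $raw ( 'ColourOptions', 'System.WebHome', 'Main.NoSuchTopic',
    'Main.Bad/Name' )
{
    my $name = $raw . $taint;
    my ( $web, $topic ) = untaint_topic_ref( 'Main', $name );
    if ( defined $topic ) {
        printf "%-18s -> %s.%s (tainted: %s)\n", $raw, $web, $topic,
          tainted("$web$topic") ? 'yes' : 'no';
    }
    else {
        printf "%-18s -> rejected\n", $raw;
    }
}
```

The returned values are clean only because they come from the anchored captures; returning `$name` itself after the checks would hand back a string Perl still marks as tainted.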